This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing a security update.
A vulnerability has been found and corrected in sudo :
The command matching functionality in sudo 1.6.8 through 1.7.2p5 does
not properly handle when a file in the current working directory has
the same name as a pseudo-command in the sudoers file and the PATH
contains an entry for ., which allows local users to execute arbitrary
commands via a Trojan horse executable, as demonstrated using
sudoedit, a different vulnerability than CVE-2010-0426
Packages for 2008.0 are provided for Corporate Desktop 2008.0
The updated packages have been patched to correct this issue.
Packages for 2009.0 are provided due to the Extended Maintenance
Update the affected sudo package.
Risk factor :
Medium / CVSS Base Score : 6.9
CVSS Temporal Score : 6.0
Public Exploit Available : true