SuSE 10 Security Update : sudo (ZYPP Patch Number 6892)

This script is Copyright (C) 2010-2012 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 10 host is missing a security-related patch.

Description :

This update fixes the following security issue :

- A privilege escalation flaw was found in the way sudo
used to check file paths for pseudocommands. If local,
unprivileged user was authorized by sudoers file to edit
one or more files, it could lead to execution of
arbitrary code, with the privileges of privileged system
user (root). (CVE-2010-0426:CVSS v2 Base Score: 6.6)

See also :

http://support.novell.com/security/cve/CVE-2010-0426.html

Solution :

Apply ZYPP patch number 6892.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 49927 ()

Bugtraq ID:

CVE ID: CVE-2010-0426

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now