Mandriva Linux Security Advisory : sudo (MDVSA-2015:126)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Updated sudo packages fix security vulnerability :

Prior to sudo 1.8.12, the TZ environment variable was passed through
unchecked. Most libc tzset() implementations support passing an
absolute pathname in the time zone to point to an arbitrary,
user-controlled file. This may be used to exploit bugs in the C
library's TZ parser or open files the user would not otherwise have
access to. Arbitrary file access via TZ could also be used in a denial
of service attack by reading from a file or fifo that will block
(CVE-2014-9680).

The sudo package has been updated to version 1.8.12, fixing this issue
and several other bugs.

See also :

http://advisories.mageia.org/MGASA-2015-0079.html

Solution :

Update the affected sudo and / or sudo-devel packages.

Risk factor :

High

Family: Mandriva Local Security Checks

Nessus Plugin ID: 82379 ()

Bugtraq ID:

CVE ID: CVE-2014-9680

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now