This script is Copyright (C) 2016 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
Security Fix(es) :
- It was discovered that the default sudo configuration
preserved the value of INPUTRC from the user's
environment, which could lead to information disclosure.
A local user with sudo access to a restricted program
that uses readline could use this flaw to read content
from specially formatted files with elevated privileges
provided by sudo. (CVE-2016-7091)
Note: With this update, INPUTRC was removed from the env_keep list in
/etc/sudoers to avoid having sudo preserve the value of this variable
when invoking privileged commands.
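A way to verify the change described in the note, as an added example that is not part of the original advisory or the plugin's own code: it reads sudoers text and reports whether env_keep still preserves INPUTRC. The sample file contents are constructed, and the check assumes all Defaults lines apply globally and does not follow included files.

```python
import re

# Matches env_keep assignments inside a Defaults line: =, += or -=
_ENV_KEEP = re.compile(r'\benv_keep\s*(\+=|-=|=)\s*(?:"([^"]*)"|(\S+))')

def kept_variables(sudoers_text):
    """Return the variable names env_keep preserves after all Defaults lines."""
    # sudoers allows backslash-newline continuation; join those lines first
    text = re.sub(r'\\\n', '', sudoers_text)
    kept = set()
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('#') or not line.startswith('Defaults'):
            continue
        for op, quoted, bare in _ENV_KEEP.findall(line):
            names = set((quoted or bare.rstrip(',')).split())
            if op == '=':      # replaces the list
                kept = names
            elif op == '+=':   # appends to the list
                kept |= names
            else:              # '-=' removes from the list
                kept -= names
    return kept

def preserves_inputrc(sudoers_text):
    """True if sudo would still carry INPUTRC into privileged commands."""
    return 'INPUTRC' in kept_variables(sudoers_text)

# Constructed sample: a sudoers fragment that still keeps INPUTRC
BEFORE = '''Defaults    env_reset
Defaults    env_keep =  "COLORS DISPLAY HOSTNAME INPUTRC LS_COLORS"
Defaults    env_keep += "MAIL PS1 PS2 \\
                         USERNAME LANG"
'''

# Constructed sample: the same fragment with INPUTRC removed from env_keep
AFTER = BEFORE.replace(' INPUTRC', '')

if __name__ == '__main__':
    for label, text in (('before', BEFORE), ('after', AFTER)):
        print(label, 'preserves INPUTRC:', preserves_inputrc(text))
```

On a host, pass the contents of /etc/sudoers (read with sufficient privileges) to `preserves_inputrc`; a True result means INPUTRC is still preserved by that file.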
Additional Changes :
See also :
Update the affected sudo, sudo-debuginfo and/or sudo-devel packages.
Risk factor :
Medium / CVSS Base Score : 4.9