Mandrake Linux Security Advisory : sudo (MDKSA-2002:003)
High Nessus Plugin ID 13911
Synopsis: The remote Mandrake Linux host is missing a security update.
Description: The SuSE Security Team discovered a vulnerability in sudo that can be exploited to obtain root privileges because sudo is installed setuid root. An attacker could trick sudo into logging failed sudo calls by executing the sendmail (or equivalent mailer) program with root privileges and an environment that is not completely clean. The author has fixed this problem upstream in sudo 1.6.4, and it is highly recommended that all users upgrade regardless of which mailer they use.
Solution: Update the affected sudo package.
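The flaw described above turns on a setuid-root program starting a helper (the mailer) with an environment the calling user still partly controls. The C sketch below is an added illustration of the defensive pattern, building the child's environment from an allowlist with a fixed PATH; it is not sudo's code or the upstream 1.6.4 change, and the allowlist, the PATH value and the function names are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed allowlist for this sketch; PATH is never inherited, only replaced. */
static const char *const KEEP[] = { "TZ", "LANG", NULL };
static char SAFE_PATH[] = "PATH=/usr/bin:/bin";

/* Return 1 if "NAME=value" has a NAME on the allowlist, else 0. */
static int is_allowed(const char *entry) {
    const char *eq = strchr(entry, '=');
    if (eq == NULL || eq == entry) return 0;   /* malformed entry */
    size_t n = (size_t)(eq - entry);
    for (size_t i = 0; KEEP[i] != NULL; i++)
        if (strlen(KEEP[i]) == n && strncmp(KEEP[i], entry, n) == 0)
            return 1;
    return 0;
}

/* New NULL-terminated env for execve(): fixed PATH plus allowlisted entries. */
char **build_clean_env(char *const env[]) {
    size_t count = 0, k = 0;
    while (env[count] != NULL) count++;
    char **out = calloc(count + 2, sizeof *out);
    if (out == NULL) return NULL;
    out[k++] = SAFE_PATH;
    for (size_t i = 0; i < count; i++)
        if (is_allowed(env[i])) out[k++] = env[i];
    out[k] = NULL;
    return out;                                /* caller frees the array */
}

/* Look up NAME in an environment array; NULL if absent. */
const char *env_lookup(char *const env[], const char *name) {
    size_t n = strlen(name);
    for (size_t i = 0; env[i] != NULL; i++)
        if (strncmp(env[i], name, n) == 0 && env[i][n] == '=')
            return env[i] + n + 1;
    return NULL;
}

int main(void) {
    /* Constructed caller environment, as an unprivileged user might set it. */
    char *caller[] = { "PATH=/home/user/bin", "USER_SET_VAR=x", "TZ=UTC", NULL };
    char **clean = build_clean_env(caller);
    for (size_t i = 0; clean != NULL && clean[i] != NULL; i++) puts(clean[i]);
    free(clean);
    return 0;
}
```

A privileged caller would pass the returned array as the `envp` argument of `execve()` instead of letting the child inherit `environ`.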