Mandrake Linux Security Advisory : sudo (MDKSA-2004:133)
High Nessus Plugin ID 15738
SynopsisThe remote Mandrake Linux host is missing a security update.
DescriptionLiam Helmer discovered a flow in sudo's environment sanitizing. This flaw could allow a malicious users with permission to run a shell script that uses the bash shell to run arbitrary commands.
The problem is fixed in sudo 1.6.8p2; the provided packages have been patched to correct the issue.
SolutionUpdate the affected sudo package.