Mandrake Linux Security Advisory : sudo (MDKSA-2005:103)
Low Nessus Plugin ID 18550
SynopsisThe remote Mandrake Linux host is missing a security update.
DescriptionA race condition was discovered in sudo by Charles Morris. This could lead to the escalation of privileges if /etc/sudoers allowed a user to execute selected programs that were then followed by another line containing the pseudo-command 'ALL'. By creating symbolic links at a certain time, that user could execute arbitrary commands.
The updated packages have been patched to correct this problem.
SolutionUpdate the affected sudo package.