SUSE-SA:2005:036: sudo

Medium Nessus Plugin ID 19245


The remote host is missing a vendor-supplied security patch


The remote host is missing the patch for the advisory SUSE-SA:2005:036 (sudo).

Sudo(8) allows the execution of commands as another user and gives the administrator more flexibility than su(1).
A race condition in the pathname handling of sudo may allow a local user to execute arbitrary commands. To exploit this bug, some conditions need to be fulfilled: the attacking user needs to be listed in the sudoers file, must be able to create symbolic links in the filesystem, and an ALL alias command needs to follow the attacker's entry.


Plugin Details

Severity: Medium

ID: 19245

File Name: suse_SA_2005_036.nasl

Version: $Revision: 1.4 $

Agent: unix

Published: 2005/07/20

Dependencies: 12634

Risk Information

Risk Factor: Medium

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list