SUSE-SA:2005:036: sudo

medium Nessus Plugin ID 19245

Synopsis

The remote host is missing a vendor-supplied security patch.

Description

The remote host is missing the patch for the advisory SUSE-SA:2005:036 (sudo).


Sudo(8) allows the execution of commands as another user and gives the administrator more flexibility than su(1).
A race condition in the pathname handling of sudo may allow a local user to execute arbitrary commands. To exploit this bug, some conditions need to be fulfilled: the attacking user needs to be listed in the sudoers file, must be able to create symbolic links in the filesystem, and an ALL alias command needs to follow the attacker's entry.

Solution

http://www.suse.de/security/advisories/2005_36_sudo.html

Plugin Details

Severity: Medium

ID: 19245

File Name: suse_SA_2005_036.nasl

Version: 1.8

Agent: unix

Published: 7/20/2005

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list