Mandrake Linux Security Advisory : sudo (MDKSA-2005:201)
Medium Nessus Plugin ID 20127
SynopsisThe remote Mandrake Linux host is missing a security update.
DescriptionTavis Ormandy discovered that sudo does not perform sufficient environment cleaning; in particular the SHELLOPTS and PS4 variables are still passed to the program running as an alternate user which can result in the execution of arbitrary commands as the alternate user when a bash script is executed.
The updated packages have been patched to correct this problem.
SolutionUpdate the affected sudo package.