Detections
Analytics

MiracleLinux 3 : sudo-1.7.2p1-14.AXS3.3 (AXSA:2012-777:03)

medium Nessus Plugin ID 284470

Synopsis

The remote MiracleLinux host is missing a security update.

Description

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2012-777:03 advisory.

 Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments. Sudo operates on a per- command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per-host basis, copious logging of each command (providing a clear audit trail of who did what), a configurable timeout of the sudo command, and the ability to use the same configuration file (sudoers) on many different machines.
 Security issues fixed with this release:
 CVE-2012-3440 A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file.
 Fixed bugs:
 Previously, sudo escaped non-alphanumeric characters at the wrong place, which could interfere with the authorization process. This has been fixed.
 Sudo now uses SIG_SETMASK when resetting signal mask instead of SIG_UNBLOCK so that sudo can exit and send the correct output.
 Previously, updating the sudo package resulted in the sudoers line in /etc/nsswitch.conf being removed. This has been fixed Fixed a race condition in which a program executer by sudo could finish before sudo started waiting for it, leaving the program as a zombie, and sudo waiting for it. This has been fixed.
 Solved many regression problems introduced by previous updates leading to several services not starting.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected sudo package.

See Also

https://tsn.miraclelinux.com/en/node/3315

Plugin Details

Severity: Medium

ID: 284470

File Name: miracle_linux_AXSA-2012-777.nasl

Version: 1.1

Type: local

Published: 1/14/2026

Updated: 1/14/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 4.4

Vector: CVSS2#AV:L/AC:H/Au:N/C:N/I:C/A:C

CVSS Score Source: CVE-2012-3440

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:sudo, cpe:/o:miracle:linux:3

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/20/2012

Vulnerability Publication Date: 8/7/2012

Reference Information

CVE: CVE-2012-3440