Synopsis
The remote Debian host is missing a security-related update.
Description
Several vulnerabilities have been discovered in sudo, a program designed to allow a sysadmin to give limited root privileges to users.
The Common Vulnerabilities and Exposures project identifies the following problems:
- CVE-2010-0426: It was discovered that sudo, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file.
- CVE-2010-0427: It was discovered that sudo, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.
Solution
Upgrade the sudo package.
For the stable distribution (lenny), these problems have been fixed in version 1.6.9p17-2+lenny1.