Mandriva Linux Security Advisory : sudo (MDVSA-2010:078-1)
Medium Nessus Plugin ID 45564
Synopsis
The remote Mandriva Linux host is missing a security update.
Description
A vulnerability has been found and corrected in sudo:
The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ., which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426 (CVE-2010-1163).
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
The updated packages have been patched to correct this issue.
Packages for 2009.0 are provided due to the Extended Maintenance Program.
Solution
Update the affected sudo package.
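
The description names two preconditions: a sudo release in the range 1.6.8 through 1.7.2p5 and a PATH that contains an entry for the current directory. The following triage helper is an added example, not code from the Nessus plugin, Mandriva or the sudo project; the function names are hypothetical and the sample inputs are constructed.

```sh
#!/bin/sh
# Added example: flags the two preconditions named in the advisory text.
# Function names are hypothetical; only release versions (N.N.N or N.N.NpN)
# are handled, not beta or release-candidate strings.

# Succeeds (exit 0) when the PATH string in $1 has an entry meaning "current
# directory": a literal "." or "./", or an empty entry (leading, trailing or
# doubled colon), which POSIX treats as the current working directory.
path_has_cwd() {
    case ":$1:" in
        *::* | *:.:* | *:./:*) return 0 ;;
    esac
    return 1
}

# Prints a sortable integer for an upstream sudo version such as "1.7.2p5"
# (major.minor.patch, optional pN patch level; missing parts count as 0).
sudo_version_key() {
    svk_ver=$1
    svk_pl=0
    case "$svk_ver" in
        *p*) svk_pl=${svk_ver##*p}; svk_ver=${svk_ver%%p*} ;;
    esac
    svk_ifs=$IFS; IFS=.
    set -- $svk_ver
    IFS=$svk_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 10000 + ${3:-0} * 100 + svk_pl ))
}

# Succeeds when $1 lies in the advisory's affected range, 1.6.8 through 1.7.2p5.
in_affected_range() {
    iar_key=$(sudo_version_key "$1")
    [ "$iar_key" -ge "$(sudo_version_key 1.6.8)" ] &&
        [ "$iar_key" -le "$(sudo_version_key 1.7.2p5)" ]
}

# Constructed sample inputs (not taken from any real host).
for sample_path in "/usr/bin:/bin" "/usr/bin:.:/bin" "/usr/bin:" ":/bin"; do
    if path_has_cwd "$sample_path"; then state="has cwd entry"; else state="clean"; fi
    printf 'PATH=%-18s %s\n' "$sample_path" "$state"
done
for sample_ver in 1.6.7p5 1.6.8 1.7.2p5 1.7.2p6; do
    if in_affected_range "$sample_ver"; then state="in range"; else state="outside range"; fi
    printf 'sudo %-8s %s\n' "$sample_ver" "$state"
done
```

On a live host, pass `"$PATH"` to `path_has_cwd` and the version printed on the first line of `sudo -V` to `in_affected_range`. A distribution package that has been patched can still report an in-range upstream version, so treat a match as a prompt to confirm the package update is installed.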