Scientific Linux Security Update : sudo on SL5.x i386/x86_64
Medium Nessus Plugin ID 60803
SynopsisThe remote Scientific Linux host is missing a security update.
DescriptionA flaw was found in the way sudo handled the presence of duplicated environment variables. A local user authorized to run commands using sudo could use this flaw to set additional values for the environment variables set by sudo, which could result in those values being used by the executed command instead of the values set by sudo. This could possibly lead to certain intended restrictions being bypassed, such as the secure_path setting. (CVE-2010-1646)
SolutionUpdate the affected sudo package.