VMware Security Advisory 2010-0015 - ESX 4.0 Console OS (COS) updates for NSS_db, OpenLDAP, cURL, sudo OpenSSL, GnuTLS, NSS and NSPR packages.
fdad8c6c91e0eabfe81a21d19d5f5d5ed52fdc1c4de978eea683eae1e3131b79Gentoo Linux Security Advisory 201009-3 - The secure path feature and group handling in sudo allow local attackers to escalate privileges. Versions less than 1.7.4_p3-r1 are affected.
64d26ed806b78f1b66f52278ea929c7c037d7db811b81866bdff928a6b17c6fbUbuntu Security Notice 956-1 - Evan Broder and Anders Kaseorg discovered that sudo did not properly sanitize its environment when configured to use secure_path (the default in Ubuntu). A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use a program that interpreted the PATH environment variable.
3037de18c813969c11a9138193a5c6d4ce5ee796f319b9f4908916e348a376d4Mandriva Linux Security Advisory 2010-118 - The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable. The updated packages have been patched to correct this issue.
a6f9d68d5a98a18e9429bb668817f36a35b35d16b65840e3bd8a85b84df5552aDebian Linux Security Advisory 2062-1 - Anders Kaseorg and Evan Broder discovered a vulnerability in sudo, a program designed to allow a sysadmin to give limited root privileges to users, that allows a user with sudo permissions on certain programs to use those programs with an untrusted value of PATH. This could possibly lead to certain intended restrictions being bypassed, such as the secure_path setting.
1445828e2f6519ef6217dac523b9973bc9ec175522f36db6c547b17eacde8bf8
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed