From: Walt Sullivan (Walt.Sullivan@meriton.com)
Date: Fri Apr 26 2002 - 10:56:09 EDT
I received this advisory from RedHat, but since I (and, I hope, many others)
use sudo on Solaris, I'm forwarding it to the list. Sudo is available from
www.courtesan.com
Security Advisory - RHSA-2002:071-07
-----------------------------------------------------------------------------
-
Summary:
Updated sudo packages are available
Updated sudo packages are available which fix a local root exploit.
Description:
The sudo (superuser do) utility allows system administrators to give certain
users the ability to run commands as root with logging.
Global InterSec LLC found an issue with Sudo 1.6.5p2 and earlier which can
be exploited to allow a local attacker to gain root privileges.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2002-0184 to this issue.
Users of Sudo are advised to upgrade to these errata packages which are
not vulnerable to this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0184
http://www.globalintersec.com/adv/sudo-2002041701.txt
Walt Sullivan
Unix System/Network Administrator
Meriton Networks
3026 Solandt Road,
Ottawa, Ontario K2K 2A5
walt.sullivan@meriton.com
(613) 270-9279 x262
Fax: (613) 270-9628
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:24:15 EDT