FreeBSD Ports: Sudo Network Vulnerability

Summary

The remote host is missing an update to the system as announced in the referenced advisory.

Solution

Update your system with the appropriate patches or software upgrades. http://www.sudo.ws/pipermail/sudo-announce/2010-April/000093.html http://www.sudo.ws/sudo/alerts/sudoedit_escalate2.html http://www.vuxml.org/freebsd/1a9f678d-48ca-11df-85f8-000c29a67389.html

Insight

The following package is affected: sudo CVE-2010-1163 The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for '.', which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426.

Severity

Classification

CVE CVE-2010-1163
CVSS Base Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

FreeBSD Ports: asterisk18
FreeBSD Ports: bogofilter, bogofilter-qdbm, bogofilter-tdb, ru-bogofilter
FreeBSD Ports: claws-mail, sylpheed-claws
FreeBSD Ports: bind9-sdb-ldap, bind9-sdb-postgresql
FreeBSD Ports: bugzilla

FreeBSD Ports: sudo

Take action and discover your vulnerabilities