- Package name
- Advisory ID
- Affected versions
- 2009.0 x86_64 , 2009.0 i586
A vulnerability has been found and corrected in sudo:
The command matching functionality in sudo 1.6.8 through 1.7.2p5 does
not properly handle when a file in the current working directory has
the same name as a pseudo-command in the sudoers file and the PATH
contains an entry for ., which allows local users to execute arbitrary
commands via a Trojan horse executable, as demonstrated using sudoedit,
a different vulnerability than CVE-2010-0426 (CVE-2010-1163).
Packages for 2008.0 are provided for Corporate Desktop 2008.0
The updated packages have been patched to correct this issue.
Packages for 2009.0 are provided due to the Extended Maintenance
8edb8fe51c5e20485dfb05e77fed1810 2009.0/x86_64/sudo-1.6.9p17-1.4mdv2009.0.x86_64.rpm bc3a2e562beff984298dec1a5de1e88b 2009.0/SRPMS/sudo-1.6.9p17-1.4mdv2009.0.src.rpm
7e7362e28da1dadf1e9e49688c2388fa 2009.0/i586/sudo-1.6.9p17-1.4mdv2009.0.i586.rpm bc3a2e562beff984298dec1a5de1e88b 2009.0/SRPMS/sudo-1.6.9p17-1.4mdv2009.0.src.rpm