MDVSA-2010:078
- Nom du paquet
- sudo
- Date
- 2010-04-17
- Advisory ID
- MDVSA-2010:078
- Affected versions
- MES5 i586 , 2010.0 x86_64 , 2010.0 i586 , 2009.1 i586 , 2009.1 x86_64 , CS4.0 i586 , 2008.0 x86_64 , CS4.0 x86_64 , 2008.0 i586 , MES5 x86_64
Problem description
A vulnerability has been found and corrected in sudo:
The command matching functionality in sudo 1.6.8 through 1.7.2p5 does
not properly handle when a file in the current working directory has
the same name as a pseudo-command in the sudoers file and the PATH
contains an entry for ., which allows local users to execute arbitrary
commands via a Trojan horse executable, as demonstrated using sudoedit,
a different vulnerability than CVE-2010-0426 (CVE-2010-1163).
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
The updated packages have been patched to correct this issue.
Updated packages
MES5 i586
3b933bf059e256b39720266c081366b7 mes5/i586/sudo-1.6.9p17-1.4mdvmes5.1.i586.rpm 3ce4545a21807d50a6c56c8793568e13 mes5/SRPMS/sudo-1.6.9p17-1.4mdvmes5.1.src.rpm
2010.0 x86_64
8a58adfb365a2e4a72aac915888f3941 2010.0/x86_64/sudo-1.7.2-0.p1.1.2mdv2010.0.x86_64.rpm 97644d9dcc9192176ff164025888fe23 2010.0/SRPMS/sudo-1.7.2-0.p1.1.2mdv2010.0.src.rpm
2010.0 i586
6836def05490065a3ef690a4db6ceaeb 2010.0/i586/sudo-1.7.2-0.p1.1.2mdv2010.0.i586.rpm 97644d9dcc9192176ff164025888fe23 2010.0/SRPMS/sudo-1.7.2-0.p1.1.2mdv2010.0.src.rpm
2009.1 i586
5a7bf57e7c12755cd7bb9748ff1f7dfa 2009.1/i586/sudo-1.7.0-1.4mdv2009.1.i586.rpm 255a1fe014959704dfe62df017a35c64 2009.1/SRPMS/sudo-1.7.0-1.4mdv2009.1.src.rpm
2009.1 x86_64
6909e7918c91397764ced733cff144b6 2009.1/x86_64/sudo-1.7.0-1.4mdv2009.1.x86_64.rpm 255a1fe014959704dfe62df017a35c64 2009.1/SRPMS/sudo-1.7.0-1.4mdv2009.1.src.rpm
CS4.0 i586
760d7e5fae3e0283baee3fc68c7cbdb4 corporate/4.0/i586/sudo-1.6.8p8-2.5.20060mlcs4.i586.rpm 068d3d23081e2a62b87ebcb025ed6177 corporate/4.0/SRPMS/sudo-1.6.8p8-2.5.20060mlcs4.src.rpm
2008.0 x86_64
c318cf27c9854dbf9ab3161b1ca0e4df 2008.0/x86_64/sudo-1.6.9p5-1.3mdv2008.0.x86_64.rpm c08dc2b7a2c9b70eb7a88c7a0c27339b 2008.0/SRPMS/sudo-1.6.9p5-1.3mdv2008.0.src.rpm
CS4.0 x86_64
1099c6e86bce8999137e592ff81202a2 corporate/4.0/x86_64/sudo-1.6.8p8-2.5.20060mlcs4.x86_64.rpm 068d3d23081e2a62b87ebcb025ed6177 corporate/4.0/SRPMS/sudo-1.6.8p8-2.5.20060mlcs4.src.rpm
2008.0 i586
1c5dcba21c94b32d088cea290b9289c1 2008.0/i586/sudo-1.6.9p5-1.3mdv2008.0.i586.rpm c08dc2b7a2c9b70eb7a88c7a0c27339b 2008.0/SRPMS/sudo-1.6.9p5-1.3mdv2008.0.src.rpm
MES5 x86_64
b49b8aba5f3b10396be9d1444797999b mes5/x86_64/sudo-1.6.9p17-1.4mdvmes5.1.x86_64.rpm 3ce4545a21807d50a6c56c8793568e13 mes5/SRPMS/sudo-1.6.9p17-1.4mdvmes5.1.src.rpm