Oval Definition:oval:org.mitre.oval:def:13622
Revision Date:2014-06-23Version:20
Title:DSA-2062-1 sudo -- missing input sanitisation
Description:Anders Kaseorg and Evan Broder discovered vulnerability in sudo, a program designed to allow a sysadmin to give limited root privileges to users, that allows a user with sudo permissions on certain programs to use those programs with an untrusted value of PATH. This could possibly lead to certain intended restrictions being bypassed, such as the secure_path setting. For the stable distribution, this problem has been fixed in version 1.6.9p17-3 For the unstable distribution , this problem has been fixed in version 1.7.2p7-1, and will migrate to the testing distribution shortly. We recommend that you upgrade your sudo package.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2010-1646
DSA-2062-1
Platform(s):Debian GNU/Linux 5.0
Product(s):sudo
Definition Synopsis
  • Debian GNU/Linux 5.0 is installed
  • AND Supported architectures section
  • Installed architecture is s390
  • OR Installed architecture is amd64
  • OR Installed architecture is sparc
  • OR Installed architecture is arm
  • OR Installed architecture is i386
  • OR Installed architecture is armel
  • OR Installed architecture is mips
  • OR Installed architecture is ia64
  • OR Installed architecture is alpha
  • OR Installed architecture is powerpc
  • OR Installed architecture is mipsel
  • OR Installed architecture is hppa
  • AND Packages section
  • sudo-ldap DPKG is earlier than 1.6.9p17-3
  • OR sudo DPKG is earlier than 1.6.9p17-3
    • BACK