List: annvix-announce
Subject: [announce] AVXSA-2005:016 security fixes
From: vdanen () annvix ! org
Date: 2005-06-22 3:09:03
Message-ID: E1Dkvbr-0003eX-LA () build ! annvix ! org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Annvix Security Update Advisory
_______________________________________________________________________
Package name: sudo
Advisory ID: AVXSA-2005:016
Date: June 21st, 2005
Affected versions: 1.0-RELEASE
______________________________________________________________________
Problem Description:
A race condition was discovered in sudo by Charles Morris. This could
lead to the escalation of privileges if /etc/sudoers allowed a user to
execute selected programs that were then followed by another line
containing the pseudo-command "ALL". By creating symbolic links at a
certain time, that user could execute arbitrary commands.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1993
http://www.sudo.ws/sudo/alerts/path_race.html
______________________________________________________________________
Updated Packages:
Annvix 1.0-RELEASE:
dd5ed6826d370184b2f2d79ea7a539ff870baa75 1.0-RELEASE/SRPMS/sudo-1.6.8p2-1.1avx.src.rpm
c0fb9ddf53cd05ddbae84b6bbc21598c44ae4d58 1.0-RELEASE/i586/sudo-1.6.8p2-1.1avx.i586.rpm
0120961a60f11a3717263d25d500ffba832e497a 1.0-RELEASE/x86_64/sudo-1.6.8p2-1.1avx.x86_64.rpm
_______________________________________________________________________
All Annvix security advisories are available at:
http://annvix.org/advisories/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFCuDfmJnj1HmfyJpYRAhtaAJwPg5Q5R3a8CXnHTycrosIxE0apLgCdEf54
PG60hoUcopYvOF++8zwECdA=
=jevv
-----END PGP SIGNATURE-----
_______________________________________________
announce mailing list
announce@annvix.org
http://annvix.org/mailman/listinfo/announce
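
The sudoers layout named in the problem description (an entry allowing selected programs, followed by a later line granting the pseudo-command "ALL") can be checked for with the script below. It is an added example, not part of the Annvix advisory or of sudo. The parser is a simplified approximation of sudoers syntax (no alias expansion, no include handling, "#" always starts a comment), and the sample file and user names are constructed.

```python
import re

# Constructed sample sudoers content (not taken from the advisory).
SAMPLE = """\
# constructed example
Defaults env_reset
Cmnd_Alias BACKUP = /usr/bin/rsync
alice  ALL = /bin/ls, \\
             /usr/bin/less
bob    ALL = (ALL) NOPASSWD: ALL
"""

# Lines that are not user specifications in this simplified model.
SKIP = re.compile(r"^(Defaults|(User|Runas|Host|Cmnd)_Alias)\b")

def logical_lines(text):
    """Yield (first_line_no, entry) with comments dropped and continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if start is None:
            start = no
        if line.endswith("\\"):          # entry continues on the next line
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield start, buf.strip()
        buf, start = "", None

def commands(entry):
    """Return the command list of a user spec, or None for other lines."""
    if SKIP.match(entry) or "=" not in entry:
        return None
    # Drop runas lists such as (ALL) and tags such as NOPASSWD:
    spec = re.sub(r"\([^)]*\)|\b[A-Z_]+:", "", entry.split("=", 1)[1])
    return [c.strip() for c in spec.split(",") if c.strip()]

def find_exposed(text):
    """Return (restricted_line, all_line) pairs: restricted entry, later ALL entry."""
    restricted, hits = [], []
    for no, entry in logical_lines(text):
        cmds = commands(entry)
        if cmds is None:
            continue
        if "ALL" in cmds:
            hits += [(r, no) for r in restricted]
        else:
            restricted.append(no)
    return hits

if __name__ == "__main__":
    for r, a in find_exposed(SAMPLE):
        print(f"line {r}: restricted entry is followed by ALL entry at line {a}")
```

A reported pair only means the ordering named in the advisory is present; the fix remains installing the updated sudo packages listed above.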