|
|
>> Fedora Security Update Fixes Sudo Command Execution Vulnerability
|
Title : Fedora Security Update Fixes Sudo Command Execution Vulnerability
VUPEN ID : VUPEN/ADV-2005-2955
CVE ID : CVE-2005-4158
Rated as : Low Risk 
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2005-12-19
|
Fedora has released updated packages to address a vulnerability identified in Sudo. This flaw is due to an error when handling the "PERLLIB", "PERL5LIB" and "PERL5OPT" environment variables, which could be exploited by malicious users with sudo access to perl scripts to execute arbitrary perl code on systems where the perl "tainting" option is disabled. For additional information, see : VUPEN/ADV-2005-2386
Affected Products
Fedora Core 4
Solution
Upgrade the affected packages :
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
21d5b27b820f17a3eda2b6ae9b1e7a1b SRPMS/sudo-1.6.8p8-2.4.src.rpm
c154c8dd716167be8b14eec6cf2f8ce6 ppc/sudo-1.6.8p8-2.4.ppc.rpm
28034d7c9dacdffbaf9acb1bd93b9e6a ppc/debug/sudo-debuginfo-1.6.8p8-2.4.ppc.rpm
e2feb677203c37b7a6104c6d17844bde x86_64/sudo-1.6.8p8-2.4.x86_64.rpm
c930455cfb47e95cb19ecc7e2efcde18 x86_64/debug/sudo-debuginfo-1.6.8p8-2.4.x86_64.rpm
88c0117a155eccdd3491a05acc620583 i386/sudo-1.6.8p8-2.4.i386.rpm
66260db738098e0e8320db96ee42c89c i386/debug/sudo-debuginfo-1.6.8p8-2.4.i386.rpm
References
http://www.vupen.com/english/advisories/2005/2955
http://www.frsirt.com/english/reference/2788
ChangeLog
2005-12-19 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
