Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 526
Alerts This Week
Warning Icon 1 526

SciLinux: 2014:0266-1 Moderate: sudo Security Update on SL5.x

Scientific Large Esm H446
Moderate: sudo security update
Date: Mon, 10 Mar 2014 17:34:45 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: sudo on SL5.x i386/x86_64
MIME-Version: 1.0

Synopsis: Moderate: sudo security update
Advisory ID: SLSA-2014:0266-1
Issue Date: 2014-03-10
CVE Numbers: CVE-2014-0106
--

A flaw was found in the way sudo handled its blacklist of environment
variables. When the "env_reset" option was disabled, a user permitted to
run certain commands via sudo could use this flaw to run such a command
with one of the blacklisted environment variables set, allowing them to
run an arbitrary command with the target user's privileges.
(CVE-2014-0106)

Note: This issue does not affect the default configuration of the sudo
package as shipped with Scientific Linux 5.
--

SL5
 x86_64
 sudo-1.7.2p1-29.el5_10.x86_64.rpm
 sudo-debuginfo-1.7.2p1-29.el5_10.x86_64.rpm
 i386
 sudo-1.7.2p1-29.el5_10.i386.rpm
 sudo-debuginfo-1.7.2p1-29.el5_10.i386.rpm

- Scientific Linux Development Team