exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 1 of 1 RSS Feed

Files

Ubuntu Security Notice 928-1
Posted Apr 16, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 928-1 - Valerio Costamagna discovered that sudo did not properly validate the path for the 'sudoedit' pseudo-command when the PATH contained only a dot ('.'). If secure_path and ignore_dot were disabled, a local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. By default, secure_path is used and the sudoedit pseudo-command is not used in Ubuntu. This is a different but related issue to CVE-2010-0426.

tags | advisory, arbitrary, local, root
systems | linux, ubuntu
SHA-256 | df59af3d86e31c22e26814b4aa1ab11c9bd89f40477850b2aff9f197b5257410
Page 1 of 1
Back1Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close