Package: sudo
Version: 1.6.8p12-4
Severity: important
Tags: security

As described in http://www.securityfocus.com/bid/24287 sudo is vulnerable
to an exploit where the executed command can be altered/replaced using
ptrace(). (Permission in the /etc/sudoers file to run the altered command
is still needed, but this vulnerability IMO has high security impact still.)

Sorry if it's a duplicate and I missed the first report.

Best regards,

norbi


-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (700, 'stable'), (660, 'oldstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18
Locale: LANG=C, LC_CTYPE=hu_HU (charmap=ISO-8859-2)

Versions of packages sudo depends on:
ii  libc6                       2.3.6.ds1-13 GNU C Library: Shared libraries
ii  libpam-modules              0.79-4       Pluggable Authentication Modules f
ii  libpam0g                    0.79-4       Pluggable Authentication Modules l

sudo recommends no packages.

-- debconf-show failed


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to