Package: sudo Version: 1.7.4p4-2.squeeze.2 Severity: important Tags: security
If root runs a command as a less priviledged user with "sudo -u", if the user was compromised, the script will be able to run commands as root by injecting keystrokes on the terminal. This is the same problem as #628843 - the exploit code referenced there works with sudo, too. cu AW -- System Information: Debian Release: 6.0.3 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable'), (50, 'proposed-updates') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/dash Versions of packages sudo depends on: ii libc6 2.11.3-2 Embedded GNU C Library: Shared lib ii libpam-modules 1.1.1-6.1+squeeze1 Pluggable Authentication Modules f ii libpam0g 1.1.1-6.1+squeeze1 Pluggable Authentication Modules l sudo recommends no packages. sudo suggests no packages. -- Configuration Files: /etc/sudoers.d/README [Errno 13] Permission denied: u'/etc/sudoers.d/README' -- no debconf information -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
