A colleague sent me a message warning me about a security problem in
sudo (see below).

The thing is that it is fixed in the versions after 1.6.5p2, which are not
available in Debian woody or sid.

What does one do in these cases? How do I send a notice to the
debian-security people? Do I send them an e-mail on the list? I have looked in the BTS and in the
security advisories at www.debian.org and have not found anything.

Thanks and regards,

Ignacio

<FORWARDED MESSAGE>

Security Advisory - RHSA-2002:071-07
------------------------------------------------------------------------------
Description:
The sudo (superuser do) utility allows system administrators to give certain
users the ability to run commands as root with logging.

Global InterSec LLC found an issue with Sudo 1.6.5p2 and earlier which can
be exploited to allow a local attacker to gain root privileges.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2002-0184 to this issue.

Users of Sudo are advised to upgrade to these errata packages which are
not vulnerable to this issue.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0184
http://www.globalintersec.com/adv/sudo-2002041701.txt

</FORWARDED MESSAGE>




-- 
Codigo ergo sum
-------------------------
Ignacio García Fernández
[EMAIL PROTECTED]
Instituto de Robótica.
Universidad de Valencia.
Tlf. 96 398 3583

