commit 473e471e52a1446de217245d0cf8c8de9576e4b1
Author: Miklos Vajna <>
Date:   Fri Apr 23 17:42:37 2010 +0200

FSA660: add CVE

diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml
index dbeb8ca..9b09a14 100644
--- a/frugalware/xml/security.xml
+++ b/frugalware/xml/security.xml
@@ -74,7 +74,7 @@
-               <cve>No CVE, see</cve>
<desc>A security issue has been reported in sudo, which can be exploited by 
malicious, local users to gain escalated privileges.
The security issue is caused due to an error within the command matching 
functionality, which can be exploited to run a "sudoedit" executable within the 
current working directory.
Successful exploitation may allow the execution of arbitrary code with 
escalated privileges, but requires that the attacker is allowed to use sudo's 
"sudoedit" pseudo-command, that the PATH environment variable contains "." 
while the directories do not contain any other "sudoedit" executable, and that 
the "ignore_dot" or "secure_path" options are disabled.</desc>
Frugalware-git mailing list

Reply via email to