Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=473e471e52a1446de217245d0cf8c8de9576e4b1
commit 473e471e52a1446de217245d0cf8c8de9576e4b1 Author: Miklos Vajna <vmik...@frugalware.org> Date: Fri Apr 23 17:42:37 2010 +0200 FSA660: add CVE diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml index dbeb8ca..9b09a14 100644 --- a/frugalware/xml/security.xml +++ b/frugalware/xml/security.xml @@ -74,7 +74,7 @@ <vulnerable>1.7.2-3</vulnerable> <unaffected>1.7.2-4locris1</unaffected> <bts>http://bugs.frugalware.org/task/4188</bts> - <cve>No CVE, see http://sudo.ws/sudo/alerts/sudoedit_escalate2.html.</cve> + <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1163</cve> <desc>A security issue has been reported in sudo, which can be exploited by malicious, local users to gain escalated privileges. The security issue is caused due to an error within the command matching functionality, which can be exploited to run a "sudoedit" executable within the current working directory. Successful exploitation may allow the execution of arbitrary code with escalated privileges, but requires that the attacker is allowed to use sudo's "sudoedit" pseudo-command, that the PATH environment variable contains "." while the directories do not contain any other "sudoedit" executable, and that the "ignore_dot" or "secure_path" options are disabled.</desc> _______________________________________________ Frugalware-git mailing list Frugalware-git@frugalware.org http://frugalware.org/mailman/listinfo/frugalware-git
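Review bot: the replacement `<cve>` line in the FSA660 entry of frugalware/xml/security.xml drops the upstream sudo advisory link (http://sudo.ws/sudo/alerts/sudoedit_escalate2.html) that the removed line carried, and nothing else in the visible context (`<bts>`, `<desc>`) points to it. Consider keeping that URL, for example as a closing sentence in `<desc>`, so the entry still leads readers to the vendor's description of the sudoedit command-matching issue alongside CVE-2010-1163. The commit message "FSA660: add CVE" would also be more accurate as "replace advisory link with CVE", since the change swaps one reference for another rather than only adding one.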