Rapid7 Vulnerability & Exploit Database

RHSA-2002:071: Updated sudo packages are available

Back to Search

RHSA-2002:071: Updated sudo packages are available

Severity
7
CVSS
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published
05/16/2002
Created
07/25/2018
Added
10/28/2005
Modified
07/04/2017

Description

Updated sudo packages are available which fix a local root exploit.

The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root with logging. Global InterSec LLC found an issue with Sudo 1.6.5p2 and earlier which can be exploited to allow a local attacker to gain root privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0184 to this issue. Users of Sudo are advised to upgrade to these errata packages which are not vulnerable to this issue.

Solution(s)

  • redhat-upgrade-sudo

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;