MDVSA-2013:026 -- Mandriva sudoID: oval:org.secpod.oval:def:1300172 | Date: (C)2013-03-22 (M)2023-12-07 |
Class: PATCH | Family: unix |
Multiple vulnerabilities has been found and corrected in sudo: sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically-proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch . Sudo before 1.8.6p7 allows a malicious user to run commands via sudo without authenticating, so long as there exists a terminal the user has access to where a sudo command was successfully run by that same user within the password timeout period . The updated packages have been patched to correct these issues.
Platform: |
Mandriva Enterprise Server 5.2 |