Home / Linux / FOSS / Sudo Vulnerabilities – Ubuntu

Sudo Vulnerabilities – Ubuntu

Ada security issue yang pada ubuntu pada versi rilis :

  • Ubuntu 6.06 LTS
  • Ubuntu 8.04 LTS
  • Ubuntu 8.10
  • Ubuntu 9.04
  • Ubuntu 9.10

dan juga tentunya termasuk pada versi Kubuntu, Edubuntu, and Xubuntu.

Issue ini bisa diatasi dengan melakukan upgrade system, pada paket aplikasi berikut ::

Ubuntu 6.06 LTS:

sudo 1.6.8p12-1ubuntu6.1

sudo-ldap 1.6.8p12-1ubuntu6.1

Ubuntu 8.04 LTS:

sudo 1.6.9p10-1ubuntu3.6

sudo-ldap 1.6.9p10-1ubuntu3.6

Ubuntu 8.10:

sudo 1.6.9p17-1ubuntu2.2

sudo-ldap 1.6.9p17-1ubuntu2.2

Ubuntu 9.04:

sudo 1.6.9p17-1ubuntu3.1

sudo-ldap 1.6.9p17-1ubuntu3.1

Ubuntu 9.10:

sudo 1.7.0-1ubuntu2.1

sudo-ldap 1.7.0-1ubuntu2.1

Issue itu berupa : “… sudo did not properly validate the path for the ’sudoedit’ pseudo-command. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. The sudoedit pseudo-command is not used in the default installation of Ubuntu. (CVE-2010-0426) It was discovered that sudo did not reset group permissions when the ‘runas_default’ configuration option was used. A local attacker could exploit this to escalate group privileges if sudo was configured to allow the attacker to run commands under the runas_default account. The runas_default configuration option is not used in the default installation of Ubuntu. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04. (CVE-2010-0427)…

Sumber berita dari sini

Reblog this post [with Zemanta]

About alfach

Check Also

grep

Trik Beragam Penggunaan Perintah Grep di Linux

Grep pada dasarnya merupakan perintah sederhana namun powerfull dalam melakukan pencarian dalam lingkungan linux, ditambah ...

2 comments

  1. mantap tutorial na ooy
    salam kenal

  2. salam kenal juga

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>