Sudo Vulnerabilities – Ubuntu

Ada security issue yang pada ubuntu pada versi rilis :

  • Ubuntu 6.06 LTS
  • Ubuntu 8.04 LTS
  • Ubuntu 8.10
  • Ubuntu 9.04
  • Ubuntu 9.10

dan juga tentunya termasuk pada versi Kubuntu, Edubuntu, and Xubuntu.

Issue ini bisa diatasi dengan melakukan upgrade system, pada paket aplikasi berikut ::

Ubuntu 6.06 LTS:

sudo 1.6.8p12-1ubuntu6.1
 
sudo-ldap 1.6.8p12-1ubuntu6.1

Ubuntu 8.04 LTS:

sudo 1.6.9p10-1ubuntu3.6
 
sudo-ldap 1.6.9p10-1ubuntu3.6

Ubuntu 8.10:

sudo 1.6.9p17-1ubuntu2.2
 
sudo-ldap 1.6.9p17-1ubuntu2.2

Ubuntu 9.04:

sudo 1.6.9p17-1ubuntu3.1
 
sudo-ldap 1.6.9p17-1ubuntu3.1

Ubuntu 9.10:

sudo 1.7.0-1ubuntu2.1
 
sudo-ldap 1.7.0-1ubuntu2.1

Issue itu berupa : “… sudo did not properly validate the path for the ’sudoedit’ pseudo-command. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. The sudoedit pseudo-command is not used in the default installation of Ubuntu. (CVE-2010-0426) It was discovered that sudo did not reset group permissions when the ‘runas_default’ configuration option was used. A local attacker could exploit this to escalate group privileges if sudo was configured to allow the attacker to run commands under the runas_default account. The runas_default configuration option is not used in the default installation of Ubuntu. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04. (CVE-2010-0427)…

Sumber berita dari sini

Reblog this post [with Zemanta]

Mungkin Anda juga menyukai

2 Respon

  1. iwan berkata:

    mantap tutorial na ooy
    salam kenal

  2. achmad fachrie berkata:

    salam kenal juga

Tinggalkan Balasan

Alamat email Anda tidak akan dipublikasikan. Ruas yang wajib ditandai *