Sudo(8) allows the execution of commands as another user and gives the administrator more flexibility than su(1). A race condition in the pathname handling of sudo may allow a local user to execute arbitrary commands. To exploit this bug some conditions need to be fulfilled. The attacking user needs to be listed in the sudoers file, he is able to create symbolic links in the filesystem, and a ALL alias- command needs to follow the attackers entry.
It is recommended to install the updated packages.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
openSUSE | 9.2 | x86_64 | sudo | < 1.6.7p5-118.2 | sudo-1.6.7p5-118.2.x86_64.rpm |
openSUSE | 9.3 | x86_64 | sudo | < 1.6.8p7-3.2 | sudo-1.6.8p7-3.2.x86_64.rpm |
openSUSE | 9.1 | i586 | sudo | < 1.6.7p5-117.4 | sudo-1.6.7p5-117.4.i586.rpm |
openSUSE | 9.3 | i586 | sudo | < 1.6.8p7-3.2 | sudo-1.6.8p7-3.2.i586.rpm |
openSUSE | 9.0 | x86_64 | sudo | < 1.6.7p5-120 | sudo-1.6.7p5-120.x86_64.rpm |
openSUSE | 8.2 | i586 | sudo | < 1.6.6-192 | sudo-1.6.6-192.i586.rpm |
openSUSE | 9.2 | i586 | sudo | < 1.6.7p5-118.2 | sudo-1.6.7p5-118.2.i586.rpm |
openSUSE | 9.0 | i586 | sudo | < 1.6.7p5-120 | sudo-1.6.7p5-120.i586.rpm |
openSUSE | 9.1 | x86_64 | sudo | < 1.6.7p5-117.4 | sudo-1.6.7p5-117.4.x86_64.rpm |