> Baru saja ada exploit diposting di bugtraq untuk postfix+sudo
> (akhirnya!! .. he..he.. nggak ding).
> Sayangnya nol penjelasan. Ada yang tahu?
udah ditest blum ?? simple banget kayaknya
mungkin ini ada hubungannya sama sudo
________________________________________________________________________
Mandrake Linux Security Update Advisory
________________________________________________________________________
Package name: sudo
Advisory ID: MDKSA-2002:003
Date: January 15th, 2002
Affected versions: 7.1, 7.2, 8.0, 8.1, Corporate Server 1.0.1,
Single Network Firewall 7.2
________________________________________________________________________
Problem Description:
The SuSE Security Team discovered a vulnerability in sudo that can be
exploited to obtain root privilege because sudo is installed setuid
root. An attacker could trick sudo to log failed sudo calls executing
the sendmail (or equivalent mailer) program with root privileges and an
environment that is not completely clean. This problem has been fixed
upstream by the author in sudo 1.6.4 and it is highly recommended that
all users upgrade regardless of what mailer you are using.
--
Utk berhenti langganan, kirim email ke [EMAIL PROTECTED]
Informasi arsip di http://www.linux.or.id/milis.php3
