Release date:
Updated on:
Affected Systems:
Todd Miller Sudo 1.8.x
RedHat Enterprise Linux
Description:
--------------------------------------------------------------------------------
Bugtraq id: 54868
Cve id: CVE-2012-3440
Sudo is a tool that allows system administrators to allow common users to execute some or all of the root commands, reducing the login and management time of root users and improving security.
Todd Miller Sudo creates temporary files in an insecure manner. Attackers with local access permissions can exploit this vulnerability to execute symbolic link attacks to corrupt sensitive files or read sensitive information.
<* Source: Red Hat
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Todd Miller
-----------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.sudo.ws/sudo/dist/