Table 11.1 Vulnerability-Safeguard Pairing

Vulnerability:
CVE-2002-0043. Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while logging the commands and arguments. Sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked.

Safeguards:
Technical: None
Procedural: Do not install and use Sudo 1.6.0 through 1.6.3p7; upgrade to Sudo 1.6.4 or higher, which runs the mail program with a clean environment. Admins wishing to run the mailer as the invoking user and not as root should use the --disable-root-mailer configure option in Sudo 1.6.5.
Human Factors: Ensure technical staff and BSD UNIX system administrators are aware of this requirement.
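The procedural safeguard depends on knowing which hosts still run a release in the affected range. The following is an added example, not taken from the book or from the Sudo project: it parses the first line of `sudo -V` output, including the "pN" patch suffix, and flags versions from 1.6.0 through 1.6.3p7. The function names and the sample inventory are constructed for illustration.

```python
import re

# Affected range as stated in the table row: Sudo 1.6.0 through 1.6.3p7.
AFFECTED_MIN = (1, 6, 0, 0)
AFFECTED_MAX = (1, 6, 3, 7)

# major.minor[.micro][pN], e.g. "1.6.3p7" or "1.6.4"
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:p(\d+))?")


def parse_sudo_version(text):
    """Return (major, minor, micro, patch) from a version string or from
    the first line of `sudo -V` ("Sudo version 1.6.3p7"); None if absent."""
    first_line = text.strip().splitlines()[0] if text.strip() else ""
    match = _VERSION_RE.search(first_line)
    if match is None:
        return None
    # A missing micro or patch component counts as 0.
    return tuple(int(part) if part else 0 for part in match.groups())


def is_affected(text):
    """True if the version lies in the affected range, False if outside it,
    None if no version could be parsed (needs manual review)."""
    version = parse_sudo_version(text)
    if version is None:
        return None
    return AFFECTED_MIN <= version <= AFFECTED_MAX


def audit(inventory):
    """Map host -> 'affected' | 'ok' | 'unknown' for a host -> output dict."""
    labels = {True: "affected", False: "ok", None: "unknown"}
    return {host: labels[is_affected(out)] for host, out in inventory.items()}


# Constructed sample inventory (hostnames and outputs are made up).
SAMPLE = {
    "bsd-01": "Sudo version 1.6.3p7",
    "bsd-02": "Sudo version 1.6.4",
    "bsd-03": "Sudo version 1.5.9p4",
    "bsd-04": "sudo: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" returned no parsable version and should be checked by hand rather than assumed safe.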