CVE-2010-0427
Published: 23 February 2010
sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.
Notes
Author | Note |
---|---|
jdstrand | group privilege escalation, but requires non-default configuration. This only affects 1.6 and not 1.7 Dapper (1.6.8) is not affected |
Priority
Status
Package | Release | Status |
---|---|---|
sudo Launchpad, Ubuntu, Debian |
upstream |
Released
(1.6.9p21)
|
dapper |
Not vulnerable
|
|
hardy |
Released
(1.6.9p10-1ubuntu3.6)
|
|
intrepid |
Released
(1.6.9p17-1ubuntu2.2)
|
|
jaunty |
Released
(1.6.9p17-1ubuntu3.1)
|
|
karmic |
Not vulnerable
(1.7.0-1ubuntu2)
|
|
Patches: upstream: http://sudo.ws/repos/sudo/rev/aa0b6c01c462 |