Debian Linux Security Advisory 2006-1 - Several vulnerabilities have been discovered in sudo, a program designed to allow a sysadmin to give limited root privileges to users database server.
704c320f7d43b84e5df70a4b83e40163de1691ddd6dbd158d2607111d35e2b0eUbuntu Security Notice 905-1 - It was discovered that sudo did not properly validate the path for the 'sudoedit' pseudo-command. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. The sudoedit pseudo-command is not used in the default installation of Ubuntu. It was discovered that sudo did not reset group permissions when the 'runas_default' configuration option was used. A local attacker could exploit this to escalate group privileges if sudo was configured to allow the attacker to run commands under the runas_default account. The runas_default configuration option is not used in the default installation of Ubuntu. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04.
6429269d5a7e2fc27d46e77eeca2faf4ade70b577099f07867e05c9aa22b77c1Mandriva Linux Security Advisory 2010-049 - sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
e08356d2265f5bbf8e1e1d35a2a50499020c9010536a56aec7e5bd3169bf8174
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed