(RHSA-2010:0475) Moderate: sudo security update

2010-06-1500:00:00

access.redhat.com

6.2 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

8.6%

JSON

The sudo (superuser do) utility allows system administrators to give
certain users the ability to run commands as root.

A flaw was found in the way sudo handled the presence of duplicated
environment variables. A local user authorized to run commands using sudo
could use this flaw to set additional values for the environment variables
set by sudo, which could result in those values being used by the executed
command instead of the values set by sudo. This could possibly lead to
certain intended restrictions being bypassed, such as the secure_path
setting. (CVE-2010-1646)

Red Hat would like to thank Anders Kaseorg and Evan Broder of Ksplice, Inc.
for responsibly reporting this issue.

Users of sudo should upgrade to this updated package, which contains a
backported patch to correct this issue.

OSVersionArchitecturePackageVersionFilename
RedHat5ppcsudo< 1.7.2p1-7.el5_5sudo-1.7.2p1-7.el5_5.ppc.rpm
RedHat5srcsudo< 1.7.2p1-7.el5_5sudo-1.7.2p1-7.el5_5.src.rpm
RedHat5ia64sudo< 1.7.2p1-7.el5_5sudo-1.7.2p1-7.el5_5.ia64.rpm
RedHat5x86_64sudo< 1.7.2p1-7.el5_5sudo-1.7.2p1-7.el5_5.x86_64.rpm
RedHat5i386sudo< 1.7.2p1-7.el5_5sudo-1.7.2p1-7.el5_5.i386.rpm
RedHat5s390xsudo< 1.7.2p1-7.el5_5sudo-1.7.2p1-7.el5_5.s390x.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	5	ppc	sudo	< 1.7.2p1-7.el5_5	sudo-1.7.2p1-7.el5_5.ppc.rpm
RedHat	5	src	sudo	< 1.7.2p1-7.el5_5	sudo-1.7.2p1-7.el5_5.src.rpm
RedHat	5	ia64	sudo	< 1.7.2p1-7.el5_5	sudo-1.7.2p1-7.el5_5.ia64.rpm
RedHat	5	x86_64	sudo	< 1.7.2p1-7.el5_5	sudo-1.7.2p1-7.el5_5.x86_64.rpm
RedHat	5	i386	sudo	< 1.7.2p1-7.el5_5	sudo-1.7.2p1-7.el5_5.i386.rpm
RedHat	5	s390x	sudo	< 1.7.2p1-7.el5_5	sudo-1.7.2p1-7.el5_5.s390x.rpm