Debian DSA-2006-1 : sudo - several vulnerabilities

Several vulnerabilities have been discovered in sudo, a program designed to allow a sysadmin to give limited root privileges to users. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-0426 It was discovered that sudo when a pseudo-command is enabled,...

Todd Miller Sudo 'runas_default'本地特权提升漏洞

Bugraq ID: 38432 CVE ID：CVE-2010-0427 Sudo是一款允许用户以其他用户权限安全地执行命令的程序，广泛使用在Linux和Unix操作系统下。 当使用"runasdefault"选项时，sudo不正确重设组权限。如果本地非特权用户由sudoers文件授权在默认用户帐户下执行sudo命令，可导致特权提升。 Todd Miller Sudo 1.6.9 p19 Todd Miller Sudo 1.6.9 p18 Todd Miller Sudo 1.6.9 p17 Todd Miller Sudo 1.6.9 p21已经修复此漏洞，建议用户下载使用：...

Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : sudo vulnerabilities (USN-905-1)

It was discovered that sudo did not properly validate the path for the 'sudoedit' pseudo-command. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. The sudoedit pseudo-command is not used in the default installation...

USN-905-1: sudo vulnerabilities

It was discovered that sudo did not properly validate the path for the 'sudoedit' pseudo-command. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. The sudoedit pseudo-command is not used in the default installation...

sudo: Fails to reset group permissions if runas_default set

sudo 1.6.x before 1.6.9p21, when the runasdefault option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command...

Command injection

sudo 1.6.x before 1.6.9p21, when the runasdefault option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command...

CVE-2010-0427

sudo 1.6.x before 1.6.9p21, when the runasdefault option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command...