sudo vulnerability

ID USN-722-1
Type ubuntu
Reporter Ubuntu
Modified 2009-02-17T00:00:00


Harald Koenig discovered that sudo did not correctly handle certain
privilege changes when handling groups. If a local attacker belonged
to a group included in a "RunAs" list in the /etc/sudoers file, that
user could gain root privileges. This was not an issue for the default
sudoers file shipped with Ubuntu.