Sudo vulnerability

2010-09-07T00:00:00
ID USN-983-1
Type ubuntu
Reporter Ubuntu
Modified 2010-09-07T00:00:00

Description

Markus Wuethrich discovered that sudo did not always verify the user when a group was specified in the Runas_Spec. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use a program as a group when the attacker was not a part of that group.