MDVSA-2010:175
- Nom du paquet
- sudo
- Date
- 2010-09-12
- Advisory ID
- MDVSA-2010:175
- Affected versions
- 2010.0 x86_64 , 2010.1 i586 , 2010.0 i586 , 2009.1 i586 , 2009.1 x86_64 , 2010.1 x86_64
Problem description
A vulnerability has been found and corrected in sudo:
Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does
not properly handle use of the -u option in conjunction with the -g
option, which allows local users to gain privileges via a command
line containing a -u root sequence (CVE-2010-2956).
The updated packages have been patched to correct this issue.
Updated packages
2010.0 x86_64
e9771004f22b2fc377cf51694ddd5f30 2010.0/x86_64/sudo-1.7.2-0.p1.1.4mdv2010.0.x86_64.rpm cca6c09641101ea4f1fae32ec74c849f 2010.0/SRPMS/sudo-1.7.2-0.p1.1.4mdv2010.0.src.rpm
2010.1 i586
017af99d278ee67258ed8200ceb51f41 2010.1/i586/sudo-1.7.2-0.p7.1.1mdv2010.1.i586.rpm 05c18dedeb4a8e913c0c1566c459a55c 2010.1/SRPMS/sudo-1.7.2-0.p7.1.1mdv2010.1.src.rpm
2010.0 i586
fadb28a5027cdae180c287cdc44ce9f7 2010.0/i586/sudo-1.7.2-0.p1.1.4mdv2010.0.i586.rpm cca6c09641101ea4f1fae32ec74c849f 2010.0/SRPMS/sudo-1.7.2-0.p1.1.4mdv2010.0.src.rpm
2009.1 i586
6e4430f6b046f94ff2c173643f523e0a 2009.1/i586/sudo-1.7.0-1.6mdv2009.1.i586.rpm 04e5f930cc56b1fdb103dde1db5ebabe 2009.1/SRPMS/sudo-1.7.0-1.6mdv2009.1.src.rpm
2009.1 x86_64
2ce7c0c655973c03d8b8061db466ca71 2009.1/x86_64/sudo-1.7.0-1.6mdv2009.1.x86_64.rpm 04e5f930cc56b1fdb103dde1db5ebabe 2009.1/SRPMS/sudo-1.7.0-1.6mdv2009.1.src.rpm
2010.1 x86_64
c1f8826bd6df14e9daf932c106e46f40 2010.1/x86_64/sudo-1.7.2-0.p7.1.1mdv2010.1.x86_64.rpm 05c18dedeb4a8e913c0c1566c459a55c 2010.1/SRPMS/sudo-1.7.2-0.p7.1.1mdv2010.1.src.rpm