Support / Sécurité / Annonces de sécurité / Mandriva Enterprise Server 5 / MDVSA-2010:052

Nom du paquet: sudo
Date: 2010-03-01
Advisory ID: MDVSA-2010:052
Affected versions: 2009.0 x86_64 , 2009.0 i586 , MES5 i586 , MES5 x86_64

Problem description

A vulnerabilitiy has been found and corrected in sudo:

sudo 1.6.x before 1.6.9p21, when the runas_default option is used,
does not properly set group memberships, which allows local users to
gain privileges via a sudo command (CVE-2010-0427).

The updated packages have been patched to correct this issue.

Updated packages

2009.0 x86_64

 14fe9eeebf2371880c5cd0a740f5dfb7  2009.0/x86_64/sudo-1.6.9p17-1.3mdv2009.0.x86_64.rpm 
 fcc025ccfc6cceeb670ec4e0d4c4cf8f  2009.0/SRPMS/sudo-1.6.9p17-1.3mdv2009.0.src.rpm

2009.0 i586

 7cc6a5245edf4bf1a8e7563e9903a4d9  2009.0/i586/sudo-1.6.9p17-1.3mdv2009.0.i586.rpm 
 fcc025ccfc6cceeb670ec4e0d4c4cf8f  2009.0/SRPMS/sudo-1.6.9p17-1.3mdv2009.0.src.rpm

MES5 i586

 36382465ca0cbf2cf7269ba73f2f2605  mes5/i586/sudo-1.6.9p17-1.3mdvmes5.i586.rpm 
 35bb4f5204b26bb01c81301586d52dc8  mes5/SRPMS/sudo-1.6.9p17-1.3mdv2009.0.src.rpm

MES5 x86_64

 30d89b7a593abe95704f0a7731e76343  mes5/x86_64/sudo-1.6.9p17-1.3mdvmes5.x86_64.rpm 
 35bb4f5204b26bb01c81301586d52dc8  mes5/SRPMS/sudo-1.6.9p17-1.3mdv2009.0.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0427