==========================================================Ubuntu Security Notice USN-983-1         September 07, 2010
sudo vulnerability
CVE-2010-2956
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.10:
  sudo                            1.7.0-1ubuntu2.5
  sudo-ldap                       1.7.0-1ubuntu2.5

Ubuntu 10.04 LTS:
  sudo                            1.7.2p1-1ubuntu5.2
  sudo-ldap                       1.7.2p1-1ubuntu5.2

In general, a standard system update will make all the necessary changes.

Details follow:

Markus Wuethrich discovered that sudo did not always verify the user when a
group was specified in the Runas_Spec. A local attacker could exploit this
to execute arbitrary code as root if sudo was configured to allow the
attacker to use a program as a group when the attacker was not a part of
that group.


Updated packages for Ubuntu 9.10:

  Source archives:

          Size/MD5:    25514 9bfdb8f41c6a5dd5544e6d6b8ab4ac5c
          Size/MD5:     1117 431ea989e3fa57b00f8fb13f3e54a025
          Size/MD5:   744311 5fd96bba35fe29b464f7aa6ad255f0a6

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   310700 e0e0a0dc1fb83f31f996679b9b13b01f
          Size/MD5:   334376 9492e829a5b04057a804697e644b9644

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   298210 70b9f891286606ce2a4b1db2f3676bd4
          Size/MD5:   319766 c0df54d97c686bccea3a2b986833d44e

  lpia architecture (Low Power Intel Architecture):

          Size/MD5:   298316 609d145034a593e5b637c0c5b9e176b8
          Size/MD5:   320176 426ef7871e3c372491fbbd8790350857

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   306220 7b0b1b6e6ee37e4b33a638e7f2ac292e
          Size/MD5:   329152 1b0cb4498c03cc2883c00837bff8bb83

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   301892 f46d44e1a8c46a575c5c4f0700910462
          Size/MD5:   323970 7a10f46aa2c9388aa74a342d44c41ac4

Updated packages for Ubuntu 10.04:

  Source archives:

          Size/MD5:    26583 f3077ddbefcc852cb66d71ec63e0013c
          Size/MD5:     1131 456ecc22f3b88cb3e60dbfac679b110a
          Size/MD5:   771059 4449d466a774f5ce401c9c0e3866c026

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   326768 29f77801c5304c74366abaecd451080b
          Size/MD5:   350566 08c716ab408e519bb090e2a46715696c

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   312528 8bdaeb041859991919aade6a85c70cd1
          Size/MD5:   334432 bf7f83603498e26e4f7618eea82cb836

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   321234 498592d623ad408c02dc9dc3794674ae
          Size/MD5:   345118 09a20cd3444df0ac4ac34b0829332fac

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   318604 71c8f38d47ed96f07d53192ed729c4e9
          Size/MD5:   341828 99b090b6d40959d6d349439e0e8934ba

Ubuntu 983-1: Sudo vulnerability

September 7, 2010
Markus Wuethrich discovered that sudo did not always verify the user when a group was specified in the Runas_Spec

Summary

Update Instructions

References

Severity
sudo vulnerability

Package Information

Related News

1.Penguin Landscape Esm H320
2 - 3 min read
The recent release of AlmaLinux 9.4 , closely aligned with Red Hat Enterprise Linux (RHEL) 9.4 , presents Linux admins and infosec professionals
11.Locks IsometricPattern Esm H320
2 - 3 min read
The upcoming release of Linux Mint 22 will introduce significant changes, particularly in handling XApp , GNOME applications, and the Software
2.Motherboard Esm H320
2 - 3 min read
German software engineer Lennart Poettering recently presented run0 , a new tool in systemd v256 that aims to address the security concerns
22.Lock ScreenEffect Esm H320
2 - 3 min read
Red Hat recently released its newest enterprise Linux distro, Red Hat Enterprise Linux (RHEL) 9.4 , which introduces several features designed to
8.Locks HexConnections CodeGlobe Esm H320
1 - 2 min read
The latest release of Debian , one of the oldest and most trusted distributions within the Linux ecosystem, redefines security, stability, and
20.Lock AbstractDigital Circular Esm H320
1 - 2 min read
The Ubuntu security team has recently discovered and addressed multiple vulnerabilities in the Apache HTTP Server. The vulnerabilities affected
1.Penguin Landscape Esm H320
1 - 2 min read
A critical vulnerability was discovered in the Linux kernel's netfilter subsystem, specifically within the nf_tables component, posing potential
19.Laptop Bed Esm H320
2 - 3 min read
The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved