Ubuntu Update For Sudo Vulnerability USN-983-1 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-983-1

Solution

Please Install the Updated Packages.

Insight

Markus Wuethrich discovered that sudo did not always verify the user when a group was specified in the Runas_Spec. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use a program as a group when the attacker was not a part of that group.

Affected

sudo vulnerability on Ubuntu 9.10 , Ubuntu 10.04 LTS

Severity

Classification

CVE CVE-2010-2956
CVSS Base Score: 6.2
AV:L/AC:H/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Ubuntu Update for apache2 vulnerabilities USN-575-1
Ubuntu Update for cinder USN-2248-1
Ubuntu Update for curl USN-2048-2
Ubuntu Update for ceilometer USN-2311-2
Ubuntu Update for clamav USN-1482-2

Ubuntu Update for sudo vulnerability USN-983-1

Take action and discover your vulnerabilities