Ubuntu USN-722-1 (sudo) Network Vulnerability

Summary

The remote host is missing an update to sudo announced via advisory USN-722-1.

Solution

The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: sudo 1.6.9p10-1ubuntu3.4 Ubuntu 8.10: sudo 1.6.9p17-1ubuntu2.1 In general, a standard system upgrade is sufficient to effect the necessary changes. https://secure1.securityspace.com/smysecure/catid.html?in=USN-722-1

Insight

Harald Koenig discovered that sudo did not correctly handle certain privilege changes when handling groups. If a local attacker belonged to a group included in a RunAs list in the /etc/sudoers file, that user could gain root privileges. This was not an issue for the default sudoers file shipped with Ubuntu.

Severity

Classification

CVE CVE-2009-0034
CVSS Base Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Ubuntu Update for dbus USN-2352-1
Ubuntu Update for clamav vulnerability USN-1076-1
Ubuntu Update for clamav vulnerabilities USN-945-1
Ubuntu Update for apport USN-2007-1
Ubuntu Update for backuppc USN-1444-1

Take action and discover your vulnerabilities