Solution
Please Install the Updated Packages.
Insight
The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root.
A flaw was found in the way sudo handled Runas specifications containing both a user and a group list. If a local user were authorized by the sudoers file to perform their sudo commands with the privileges of a specified user and group, they could use this flaw to run those commands with the privileges of either an arbitrary user or group on the system.
(CVE-2010-2956)
Red Hat would like to thank Markus Wuethrich of Swiss Post - PostFinance for reporting this issue.
Users of sudo should upgrade to this updated package, which contains a backported patch to correct this issue.
Affected
sudo on Red Hat Enterprise Linux (v. 5 server)
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2010-2956 -
CVSS Base Score: 6.2
AV:L/AC:H/Au:N/C:C/I:C/A:C
Related Vulnerabilities