Ubuntu Update For Sudo Vulnerability USN-983-1 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-983-1

Solution

Please Install the Updated Packages.

Insight

Markus Wuethrich discovered that sudo did not always verify the user when a group was specified in the Runas_Spec. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use a program as a group when the attacker was not a part of that group.

Affected

sudo vulnerability on Ubuntu 9.10 , Ubuntu 10.04 LTS

Severity

Classification

CVE CVE-2010-2956

CVSS	Base Score: 6.2 AV:L/AC:H/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Ubuntu Update for dovecot USN-1143-1
Ubuntu Update for apparmor USN-1430-4
Ubuntu Update for avahi vulnerability USN-1084-1
Ubuntu Update for apt USN-2246-1
Ubuntu Update for apache2 USN-2152-1

Ubuntu Update for sudo vulnerability USN-983-1

Take action and discover your vulnerabilities