Ubuntu USN-722-1 (sudo) Network Vulnerability

Summary

The remote host is missing an update to sudo announced via advisory USN-722-1.

Solution

The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: sudo 1.6.9p10-1ubuntu3.4 Ubuntu 8.10: sudo 1.6.9p17-1ubuntu2.1 In general, a standard system upgrade is sufficient to effect the necessary changes. https://secure1.securityspace.com/smysecure/catid.html?in=USN-722-1

Insight

Harald Koenig discovered that sudo did not correctly handle certain privilege changes when handling groups. If a local attacker belonged to a group included in a RunAs list in the /etc/sudoers file, that user could gain root privileges. This was not an issue for the default sudoers file shipped with Ubuntu.

Severity

Classification

CVE CVE-2009-0034

CVSS	Base Score: 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Ubuntu Update for compiz-fusion-plugins-main vulnerability USN-688-1
Ubuntu Update for curl USN-2346-1
Ubuntu Update for dbus USN-2352-1
Ubuntu Update for curl USN-2048-1
Ubuntu Update for clamav vulnerability USN-684-1

Take action and discover your vulnerabilities