/hvaonline/posts/list/13.html JForum - http://www.jforum.net Abstract A fix has been published for sudo tool which is included in many Unix-like systems The worst attack scenario could lead to local privilege escalation. Exploitation could be done without any tool in a defined sudo configuration. A fix is available. No exploit is required. Action A fix is available. It is advised to test before deployment. Other workarounds: * check sudo configuration and ensure the vulnerable setup is not used Note The flaw comes from an incorrect handling of group membership when executing a local command. The vulnerable configuration uses 'runas_default' parameter which allows to execute a command as another user (distinct from root). It allows to execute code as root bypassing the defined configuration. Exploitation implies to be authenticated. Default configuration of sudo does not seem to contain this parameter (checked on Debian Linux and OpenBSD) Only Redhat has published an official bulletin on this subject. Affected components Sudo < 1.6.9p20 (include Red Hat Enterprise Linux 5) Credits + RHSA-2010:0122-1: Important: sudo security update http://rhn.redhat.com/errata/RHSA-2010-0122.html (2 vulnerabilities) + Sudo Security Alerts http://www.sudo.ws/sudo/security.html ]]> /hvaonline/posts/list/33468.html#205804 /hvaonline/posts/list/33468.html#205804 GMT