Scientific Linux SL5.x: Important Sudo Update - Privilege Escalation Risk

Date: Fri, 26 Feb 2010 09:58:43 -0600
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux
 
From: Troy Dawson 
Subject: Security ERRATA Important: sudo on SL5.x i386/x86_64
Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it."
 

Synopsis:	Important: sudo security update
Issue date:	2010-02-26
CVE Names:	CVE-2010-0426 CVE-2010-0427

CVE-2010-0426 sudo: sudoedit option can possibly allow for arbitrary
code execution
CVE-2010-0427 sudo: Fails to reset group permissions if runas_default set

A privilege escalation flaw was found in the way sudo handled the
sudoedit pseudo-command. If a local user were authorized by the sudoers
file to use this pseudo-command, they could possibly leverage this flaw
to execute arbitrary code with the privileges of the root user.
(CVE-2010-0426)

The sudo utility did not properly initialize supplementary groups when
the "runas_default" option (in the sudoers file) was used. If a local
user were authorized by the sudoers file to perform their sudo commands
under the account specified with "runas_default", they would receive the
root user's supplementary groups instead of those of the intended target
user, giving them unintended privileges. (CVE-2010-0427)

SL 5.x

 SRPMS:
sudo-1.6.9p17-6.el5_4.src.rpm
 i386:
sudo-1.6.9p17-6.el5_4.i386.rpm
 x86_64:
sudo-1.6.9p17-6.el5_4.x86_64.rpm

-Connie Sieh
-Troy Dawson
lastline