SciLinux: CVE-2010-0426 Important: sudo SL5.x i386/x86_64
Summary
CVE-2010-0427 sudo: Fails to reset group permissions if runas_default setA privilege escalation flaw was found in the way sudo handled thesudoedit pseudo-command. If a local user were authorized by the sudoersfile to use this pseudo-command, they could possibly leverage this flawto execute arbitrary code with the privileges of the root user.(CVE-2010-0426)The sudo utility did not properly initialize supplementary groups whenthe "runas_default" option (in the sudoers file) was used. If a localuser were authorized by the sudoers file to perform their sudo commandsunder the account specified with "runas_default", they would receive theroot user's supplementary groups instead of those of the intended targetuser, giving them unintended privileges. (CVE-2010-0427)SL 5.xSRPMS:sudo-1.6.9p17-6.el5_4.src.rpmi386:sudo-1.6.9p17-6.el5_4.i386.rpmx86_64:sudo-1.6.9p17-6.el5_4.x86_64.rpm-Connie Sieh-Troy Dawsonlastline