==========================================================Ubuntu Security Notice USN-722-1          February 17, 2009
sudo vulnerability
CVE-2009-0034
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  sudo                            1.6.9p10-1ubuntu3.4

Ubuntu 8.10:
  sudo                            1.6.9p17-1ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Harald Koenig discovered that sudo did not correctly handle certain
privilege changes when handling groups.  If a local attacker belonged
to a group included in a "RunAs" list in the /etc/sudoers file, that
user could gain root privileges.  This was not an issue for the default
sudoers file shipped with Ubuntu.


Updated packages for Ubuntu 8.04 LTS:

  Source archives:

          Size/MD5:    28195 a3ef076ed66f2a1d1ab0ebd5cafefaa4
          Size/MD5:      739 91a65bd5beb7e2f7206d081455238fdb
          Size/MD5:   579302 16db2a1213159a1fac8239eab58108f5

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   188062 246612b4d29a8fd216cd1f5619b6f92f
          Size/MD5:   199606 b5b948d0f3f12791e97838ea1b952ce2

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   176230 bc3547ffcc1a8060cf96f0d096a44c3c
          Size/MD5:   187056 ce23d03b7e8f10f714a9c559ce741458

  lpia architecture (Low Power Intel Architecture):

          Size/MD5:   177396 57ef14f30094341da593dd3683f3f7e8
          Size/MD5:   188098 d4c576aac4c27e7ab3646c5ac5a323e3

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   188226 a4739b543098b729cfb63ce20fc37dae
          Size/MD5:   202064 226b1789a16fedf35241f16e74e2f252

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   182204 22004aca9eddcd46a4bda1d066b97ac1
          Size/MD5:   193236 96f59c47bbc14586b40c440995467ea4

Updated packages for Ubuntu 8.10:

  Source archives:

          Size/MD5:    25366 af7e507328494298721aad11d13488da
          Size/MD5:     1135 e5192f02cdc0284d832460ac7ae4b955
          Size/MD5:   593534 60daf18f28e2c1eb7641c4408e244110

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   191138 ad2dae17ccbc9673d8e53546afee3d14
          Size/MD5:   202074 ab01d71c8e86e83903dc72fbebba4c90

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   179122 ee80fb039bc6d493050a876593bdf8e0
          Size/MD5:   188614 1158e7471fe07070c9900ebcb827af98

  lpia architecture (Low Power Intel Architecture):

          Size/MD5:   180306 f0ec9a79d4728047c6d32f3126ae06af
          Size/MD5:   189392 830c281c450cceed63fdb46093a8e082

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   188548 0de77be3253ffe27353ca481c638696c
          Size/MD5:   200986 04c80b6cf9764550b81d19ada01df988

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   183994 7ed518be234fa37482f3c4e86c49ae3f
          Size/MD5:   193662 f9616eade202d044a2a62c8ed2b043d8

Ubuntu 722-1: sudo vulnerability

February 17, 2009
Harald Koenig discovered that sudo did not correctly handle certainprivilege changes when handling groups

Summary

Update Instructions

References

Severity
sudo vulnerability

Package Information

Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved