CVE-2010-0427
Publication date 23 February 2010
Last updated 24 July 2024
Ubuntu priority
sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.
Status
Package | Ubuntu Release | Status |
---|---|---|
sudo | 9.10 karmic |
Not affected
|
9.04 jaunty |
Fixed 1.6.9p17-1ubuntu3.1
|
|
8.10 intrepid |
Fixed 1.6.9p17-1ubuntu2.2
|
|
8.04 LTS hardy |
Fixed 1.6.9p10-1ubuntu3.6
|
|
6.06 LTS dapper |
Not affected
|
Notes
jdstrand
group privilege escalation, but requires non-default configuration. This only affects 1.6 and not 1.7 Dapper (1.6.8) is not affected
References
Related Ubuntu Security Notices (USN)
- USN-905-1
- sudo vulnerabilities
- 26 February 2010