rss-bot
February 17th, 2009, 11:10 PM
Referenced CVEs:
CVE-2009-0034
Description:
================================================== ========= Ubuntu Security Notice USN-722-1 February 17, 2009 sudo vulnerability CVE-2009-0034 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: sudo 1.6.9p10-1ubuntu3.4 Ubuntu 8.10: sudo 1.6.9p17-1ubuntu2.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Harald Koenig discovered that sudo did not correctly handle certain privilege changes when handling groups. If a local attacker belonged to a group included in a "RunAs" list in the /etc/sudoers file, that user could gain root privileges. This was not an issue for the default sudoers file shipped with Ubuntu.
More... (http://www.ubuntu.com/usn/usn-722-1)
CVE-2009-0034
Description:
================================================== ========= Ubuntu Security Notice USN-722-1 February 17, 2009 sudo vulnerability CVE-2009-0034 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: sudo 1.6.9p10-1ubuntu3.4 Ubuntu 8.10: sudo 1.6.9p17-1ubuntu2.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Harald Koenig discovered that sudo did not correctly handle certain privilege changes when handling groups. If a local attacker belonged to a group included in a "RunAs" list in the /etc/sudoers file, that user could gain root privileges. This was not an issue for the default sudoers file shipped with Ubuntu.
More... (http://www.ubuntu.com/usn/usn-722-1)