Users of Sudo please be advised of a Fix for Privilege Elevation vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
Amplify’d from www.criticalwatch.com
MDVSA-2010:175: [MDVSA-2010:175] Fix for Sudo Privilege Elevation
Problem Description:
A vulnerability has been found and corrected in sudo:
Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does
not properly handle use of the -u option in conjunction with the -g
option, which allows local users to gain privileges via a command
line containing a -u root sequence (CVE-2010-2956).
Read more at www.criticalwatch.com
See this Amp at http://bit.ly/93TeJO
No comments:
Post a Comment