| Revision Date: | 2009-02-05 | Version: | 638 |
| Title: | RHSA-2009:0267: sudo security update (Moderate) |
| Description: | The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root with logging.
A flaw was discovered in a way sudo handled group specifications in "run as" lists in the sudoers configuration file. If sudo configuration allowed a user to run commands as any user of some group and the user was also a member of that group, sudo incorrectly allowed them to run defined commands with the privileges of any system user. This gave the user unintended privileges. (CVE-2009-0034)
Users of sudo should update to this updated package, which contains a backported patch to resolve this issue.
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | CVE-2009-0034
RHSA-2009:0267
RHSA-2009:0267-01
RHSA-2009:0267-01
|
| Platform(s): | Red Hat Enterprise Linux 5
| Product(s): | |
| Definition Synopsis |
| Red Hat Enterprise Linux must be installed OR Package Information
Red Hat Enterprise Linux 5 is installed
AND sudo is earlier than 0:1.6.9p17-3.el5_3.1
AND sudo is signed with Red Hat redhatrelease2 key
|