PT-2010-1079 · Todd Miller+2 · Sudo+2
Jan Lieskovsky · Published 2010-02-25 · Updated 2018-10-10 · CVE-2010-0427
CVSS v2.0: 6.9 (Medium)
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
sudo versions 1.6.x through 1.6.9p20
sudo versions prior to 1.7.2p4
Description
The issue allows local users to gain privileges via a sudo command when the runas_default option is used, because sudo does not set group memberships properly. Multiple vulnerabilities in the sudo package can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited locally.
Recommendations
For sudo versions 1.6.x through 1.6.9p20, update to version 1.6.9p21 or later.
For sudo versions prior to 1.7.2p4, update to version 1.7.2p4 or later.
As a temporary workaround, consider restricting the use of the sudo command when the runas_default option is used, until a patch is available.
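To triage a host against the version ranges and the workaround above, the following added example (not part of the original advisory or of the sudo project) parses a version string as printed on the first line of `sudo -V` and lists the sudoers `Defaults` lines that set `runas_default`. The function names and the sample sudoers text are constructed for illustration; comparing every branch other than 1.6 against 1.7.2p4 is an assumption taken from the page's "prior to 1.7.2p4" wording.

```python
import re

# Fixed releases named in this advisory's Recommendations section.
FIXED_1_6 = (1, 6, 9, 21)  # 1.6.9p21
FIXED_1_7 = (1, 7, 2, 4)   # 1.7.2p4

VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:p(\d+))?")
# Global or scoped Defaults entry (e.g. Defaults:alice) that sets runas_default.
RUNAS_RE = re.compile(r'^\s*Defaults\S*\s.*\brunas_default\s*=\s*"?([^",\s]+)')

# Constructed sample sudoers content, not taken from a real host.
SAMPLE_SUDOERS = """\
Defaults env_reset
Defaults:alice env_reset, runas_default="dbadmin"
#Defaults runas_default=backup
%wheel ALL=(ALL) ALL
"""

def parse_version(text):
    """Turn '1.6.9p20' or 'Sudo version 1.7.2p1' into a comparable tuple."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no sudo version in {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_affected(version_text):
    v = parse_version(version_text)
    if v[:2] == (1, 6):
        return v < FIXED_1_6
    # Assumption: every other branch is compared against 1.7.2p4.
    return v < FIXED_1_7

def runas_default_entries(sudoers_text):
    """Return (line_number, runas_user) for each uncommented matching line."""
    lines = enumerate(sudoers_text.splitlines(), 1)
    matches = ((n, RUNAS_RE.match(line)) for n, line in lines)
    return [(n, m.group(1)) for n, m in matches if m]

def triage(version_text, sudoers_text):
    """Flag a host only when both conditions from the description hold."""
    affected = is_affected(version_text)
    entries = runas_default_entries(sudoers_text)
    return {"affected": affected, "runas_default": entries,
            "exposed": affected and bool(entries)}

if __name__ == "__main__":
    print(triage("Sudo version 1.7.2p1", SAMPLE_SUDOERS))
```
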
Affected Products
Alt Linux
Red Hat
Sudo