PT-2007-4432 · Mit+2 · Mit Kerberos 5+2

Published: 2007-06-11 · Updated: 2020-01-21 · CVE-2007-3149

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: sudo (affected versions not specified)
Description: The issue concerns sudo when linked with MIT Kerberos 5 (krb5), where it does not properly check whether a user can currently authenticate to Kerberos. This allows local users to gain privileges in a manner unintended by the sudo security model via certain KRB5 environment variable settings.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.


Related identifiers

ALT-PU-2017-1056
CVE-2007-3149

Affected products

Alt Linux
Mit Kerberos 5
Sudo