This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 567622 - (CVE-2010-0427) CVE-2010-0427 sudo: Fails to reset group permissions if runas_default set
CVE-2010-0427 sudo: Fails to reset group permissions if runas_default set
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
i686 Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
http://www.gratisoft.us/bugzilla/show...
impact=important,source=redhat,report...
: Reopened, Security
Depends On: 497873 567689
Blocks:
  Show dependency treegraph
 
Reported: 2010-02-23 08:30 EST by Jan Lieskovsky
Modified: 2015-07-31 07:50 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 497873
Environment:
Last Closed: 2010-03-03 09:42:54 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Jan Lieskovsky 2010-02-23 08:30:47 EST
Sudo failed to properly reset group permissions, when
"runas_default" option was used. If a local, unprivileged
user was authorized by sudoers file to perform their
sudo commands under default user account, it could lead
to privilege escalation.

Upstream bug report:
  http://www.gratisoft.us/bugzilla/show_bug.cgi?id=349

Upstream patch:
  http://www.gratisoft.us/bugzilla/attachment.cgi?id=255
Comment 2 Jan Lieskovsky 2010-02-23 11:17:53 EST
This is CVE-2010-0427.
Comment 7 errata-xmlrpc 2010-02-26 06:06:14 EST
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2010:0122 https://rhn.redhat.com/errata/RHSA-2010-0122.html
Comment 8 Jan Lieskovsky 2010-02-26 11:36:45 EST
This issue did NOT affect the versions of the sudo package,
as shipped with Red Hat Enterprise Linux 3 and 4.

This issue did NOT affect the current versions of the sudo package,
as shipped with Fedora releases of 11 and 12.

Note You need to log in before you can comment on or make changes to this bug.