Red Hat Bugzilla – Bug 567622
CVE-2010-0427 sudo: Fails to reset group permissions if runas_default set
Last modified: 2015-07-31 07:50:56 EDT
Sudo failed to properly reset group permissions when the
"runas_default" option was used. If a local, unprivileged
user was authorized by the sudoers file to perform their
sudo commands under the default user account, it could lead
to privilege escalation.
Upstream bug report:
This is CVE-2010-0427.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Via RHSA-2010:0122 https://rhn.redhat.com/errata/RHSA-2010-0122.html
This issue did NOT affect the versions of the sudo package,
as shipped with Red Hat Enterprise Linux 3 and 4.
This issue did NOT affect the current versions of the sudo package
as shipped with Fedora releases 11 and 12.