Red Hat Bugzilla – Bug 668843
CVE-2011-0008 sudo in Fedora vulnerable to CVE-2009-0034 again due to improper patch rediff
Last modified: 2015-07-31 08:31:36 EDT
Due to upstream changes in how sudo 1.7.3 handles group membership checks, the patch used to correct bug #235915 (sudo can't always correctly determine group memberships) was incorrectly rediffed, making sudo in Fedora once again vulnerable to CVE-2009-0034 (incorrect handling of groups in Runas_User).

Statement: Not vulnerable. This issue did not affect the versions of sudo as shipped with Red Hat Enterprise Linux 4, 5, or 6.

Created attachment 472949: corrected getgrouplist patch