
CVE-2010-0427

Common Vulnerabilities and Exposures


Upstream information

CVE-2010-0427 at MITRE

Description

sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.

NVD CVSS v2 Base Score: 4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P)

Novell/SUSE information

Note from the SUSE Security Team

The runas_default group functionality was introduced in sudo 1.6.9; older versions did not have this feature. This means that sudo on SUSE Linux Enterprise Server 9 and 10 is not affected by this issue.

Novell Bugzilla entry: 582555

SUSE Security Advisories:

List of released packages

| Product(s) | Fixed package version(s) | References |
| --- | --- | --- |
| SUSE Linux Enterprise 11 Moblin 2.1 DEBUGINFO | sudo-debuginfo >= 1.6.9p17-21.3.1; sudo-debugsource >= 1.6.9p17-21.3.1 | SAT Patch Nr: 2086 |
| SUSE Linux Enterprise 11 Moblin 2.1 | sudo >= 1.6.9p17-21.3.1 | SAT Patch Nr: 2086 |
| SUSE Linux Enterprise 11 Moblin 2.0 | sudo-debuginfo >= 1.6.9p17-21.3.1; sudo-debugsource >= 1.6.9p17-21.3.1 | SAT Patch Nr: 2085 |
| SUSE Linux Enterprise 11 Moblin 2.0 | sudo >= 1.6.9p17-21.3.1 | SAT Patch Nr: 2085 |
| openSUSE 11.0 | sudo-debuginfo >= 1.6.9p15-13.6; sudo-debugsource >= 1.6.9p15-13.6 | |
| openSUSE 11.0 | sudo >= 1.6.9p15-13.6 | |
| openSUSE 11.1 | sudo-debuginfo >= 1.6.9p17-10.37.1; sudo-debugsource >= 1.6.9p17-10.37.1 | |
| openSUSE 11.1 | sudo >= 1.6.9p17-10.37.1 | |
| openSUSE 11.2 | sudo-debuginfo >= 1.7.2-2.2.1; sudo-debugsource >= 1.7.2-2.2.1 | |
| openSUSE 11.2 | sudo >= 1.7.2-2.2.1 | |
| SUSE Linux Enterprise 11 GA DEBUGINFO | sudo-debuginfo >= 1.6.9p17-21.3.1; sudo-debugsource >= 1.6.9p17-21.3.1 | sle11-debuginfo.x86, sle11-debuginfo.ppc, sles11.x86-64, sled11.x86-64, sle11-debuginfo.x86-64, sles11.ppc, sles11.x86, sled11.x86, sles11.s390x, sles11.ia64, sle11-debuginfo.s390x, sle11-debuginfo.ia64; SAT Patch Nr: 2084 |
| SUSE Linux Enterprise Desktop 11 GA; SUSE Linux Enterprise Server 11 GA | sudo >= 1.6.9p17-21.3.1 | sle11-debuginfo.x86, sle11-debuginfo.ppc, sles11.x86-64, sled11.x86-64, sle11-debuginfo.x86-64, sles11.ppc, sles11.x86, sled11.x86, sles11.s390x, sles11.ia64, sle11-debuginfo.s390x, sle11-debuginfo.ia64; SAT Patch Nr: 2084 |

© 2014 Novell