Upstream information
Description
sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.
NVD CVSS v2 Base Score: 4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Novell/SUSE information
Note from the SUSE Security Team
The runas_default group functionality was introduced in sudo 1.6.9; older versions did not have this feature. This means that sudo on SUSE Linux Enterprise Server 9 and 10 is not affected by this issue.
Novell Bugzilla entry: 582555
SUSE Security Advisories:
- SUSE-SR:2010:006, published Mon, 15 Mar 2010 11:11:00 +0000
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Linux Enterprise 11 Moblin 2.1 DEBUGINFO | | SAT Patch Nr: 2086 |
| SUSE Linux Enterprise 11 Moblin 2.1 | | SAT Patch Nr: 2086 |
| SUSE Linux Enterprise 11 Moblin 2.0 | | SAT Patch Nr: 2085 |
| SUSE Linux Enterprise 11 Moblin 2.0 | | SAT Patch Nr: 2085 |
| openSUSE 11.0 | | |
| openSUSE 11.0 | | |
| openSUSE 11.1 | | |
| openSUSE 11.1 | | |
| openSUSE 11.2 | | |
| openSUSE 11.2 | | |
| SUSE Linux Enterprise 11 GA DEBUGINFO | | sle11-debuginfo.x86 sle11-debuginfo.ppc sles11.x86-64 sled11.x86-64 sle11-debuginfo.x86-64 sles11.ppc sles11.x86 sled11.x86 sles11.s390x sles11.ia64 sle11-debuginfo.s390x sle11-debuginfo.ia64 SAT Patch Nr: 2084 |
| SUSE Linux Enterprise Desktop 11 GA SUSE Linux Enterprise Server 11 GA | | sle11-debuginfo.x86 sle11-debuginfo.ppc sles11.x86-64 sled11.x86-64 sle11-debuginfo.x86-64 sles11.ppc sles11.x86 sled11.x86 sles11.s390x sles11.ia64 sle11-debuginfo.s390x sle11-debuginfo.ia64 SAT Patch Nr: 2084 |
