Ubuntu Security Notice (C) 2010-2013 Canonical, Inc. / NASL script (C) 2010-2013 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related patches.
It was discovered that sudo did not properly validate the path for the
'sudoedit' pseudo-command. A local attacker could exploit this to
execute arbitrary code as root if sudo was configured to allow the
attacker to use sudoedit. The sudoedit pseudo-command is not used in
the default installation of Ubuntu. (CVE-2010-0426)
It was discovered that sudo did not reset group permissions when the
'runas_default' configuration option was used. A local attacker could
exploit this to escalate group privileges if sudo was configured to
allow the attacker to run commands under the runas_default account.
The runas_default configuration option is not used in the default
installation of Ubuntu. This issue affected Ubuntu 8.04 LTS, 8.10 and
Update the affected sudo and / or sudo-ldap packages.
Risk factor :
Medium / CVSS Base Score : 6.9
CVSS Temporal Score : 5.7
Public Exploit Available : true