Ubuntu Security Notice (C) 2010-2014 Canonical, Inc. / NASL script (C) 2010-2014 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related patches.
It was discovered that sudo did not properly validate the path for the
'sudoedit' pseudo-command. A local attacker could exploit this to
execute arbitrary code as root if sudo was configured to allow the
attacker to use sudoedit. The sudoedit pseudo-command is not used in
the default installation of Ubuntu. (CVE-2010-0426)
It was discovered that sudo did not reset group permissions when the
'runas_default' configuration option was used. A local attacker could
exploit this to escalate group privileges if sudo was configured to
allow the attacker to run commands under the runas_default account.
The runas_default configuration option is not used in the default
installation of Ubuntu. This issue affected Ubuntu 8.04 LTS, 8.10 and
Update the affected sudo and / or sudo-ldap packages.
Risk factor :
Medium / CVSS Base Score : 6.9
CVSS Temporal Score : 6.0
Public Exploit Available : true
Family: Ubuntu Local Security Checks
Nessus Plugin ID: 44936 ()
Bugtraq ID: 3836238432
CVE ID: CVE-2010-0426CVE-2010-0427
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.