Scientific Linux Security Update : sudo on SL5.x i386/x86_64
Medium Nessus Plugin ID 60739
SynopsisThe remote Scientific Linux host is missing a security update.
DescriptionCVE-2010-0426 sudo: sudoedit option can possibly allow for arbitrary code execution
CVE-2010-0427 sudo: Fails to reset group permissions if runas_default set
A privilege escalation flaw was found in the way sudo handled the sudoedit pseudo-command. If a local user were authorized by the sudoers file to use this pseudo-command, they could possibly leverage this flaw to execute arbitrary code with the privileges of the root user. (CVE-2010-0426)
The sudo utility did not properly initialize supplementary groups when the 'runas_default' option (in the sudoers file) was used. If a local user were authorized by the sudoers file to perform their sudo commands under the account specified with 'runas_default', they would receive the root user's supplementary groups instead of those of the intended target user, giving them unintended privileges.
SolutionUpdate the affected sudo package.