sudo: arbitrary command execution
| Package(s): | sudo |
CVE #(s): | |
| Created: | May 3, 2010 |
Updated: | May 5, 2010 |
| Description: |
From the Red Hat bugzilla:
It was discovered that the original upstream fix for the sudo's sudoedit
privilege escalation flaw known as CVE-2010-0426 did not fully resolve the issue. In configurations where sudo's ignore_dot option was set to off (default is on), the user allowed to sudoedit some file with the
privileges of some user could run arbitrary command with the privileges of that user.
|
| Alerts: |
|
