USN-722-1 -- sudo vulnerability
|ID: oval:org.secpod.oval:def:700457||Date: (C)2011-05-13 (M)2017-11-27|
|Class: PATCH||Family: unix|
Harald Koenig discovered that sudo did not correctly handle certain privilege changes when handling groups. If a local attacker belonged to a group included in a "RunAs" list in the /etc/sudoers file, that user could gain root privileges. This was not an issue for the default sudoers file shipped with Ubuntu.