Vulnerabilities > CVE-2010-2956 - Local Privilege Escalation vulnerability in Todd Miller Sudo Runas Group

047910
CVSS v2 base score 6.2 - MEDIUM (vector AV:L/AC:H/Au:N/C:C/I:C/A:C)
Attack vector
LOCAL
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
high complexity
todd-miller
nessus

Summary

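Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence. Exploitation requires a sudoers entry that contains a Runas group; entries with no Runas group, or with only a Runas user, are not affected.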

Nessus

  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-983-1.NASL
    description: Markus Wuethrich discovered that sudo did not always verify the user when a group was specified in the Runas_Spec. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use a program as a group when the attacker was not a part of that group. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 49140
    published: 2010-09-08
    reporter: Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/49140
    title: Ubuntu 9.10 / 10.04 LTS : sudo vulnerability (USN-983-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-983-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    # Registration pass: when `description` is set the plugin only declares its
    # metadata (IDs, references, CVSS vector, dependencies) and then exits, so
    # none of the package checks further down run in this pass.
    if (description)
    {
      script_id(49140);
      script_version("1.11");
      script_cvs_date("Date: 2019/09/19 12:54:26");
    
      # Cross-references: the CVE and the Ubuntu Security Notice this check maps to.
      script_cve_id("CVE-2010-2956");
      script_xref(name:"USN", value:"983-1");
    
      script_name(english:"Ubuntu 9.10 / 10.04 LTS : sudo vulnerability (USN-983-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      # Advisory text carried verbatim from the Ubuntu notice (see the file header).
      script_set_attribute(
        attribute:"description", 
        value:
    "Markus Wuethrich discovered that sudo did not always verify the user
    when a group was specified in the Runas_Spec. A local attacker could
    exploit this to execute arbitrary code as root if sudo was configured
    to allow the attacker to use a program as a group when the attacker
    was not a part of that group.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/983-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected sudo and / or sudo-ldap packages."
      );
      # CVSS v2 base vector: local access, high access complexity, no
      # authentication, complete confidentiality / integrity / availability impact.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C");
    
      # Declared as a "local" plugin; the check section reads host data from the
      # knowledge base rather than probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      # CPEs: the two affected packages and the two Ubuntu releases covered.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:sudo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:sudo-ldap");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.10");
    
      # NOTE(review): vuln_publication_date (2010/09/10) is later than
      # patch_publication_date (2010/09/07); values are kept as published.
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/09/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/09/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/09/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      # ssh_get_info.nasl must run first; presumably it populates the Host/* KB
      # entries required below - confirm against that plugin.
      script_dependencies("ssh_get_info.nasl");
      # KB keys that must exist for this plugin to run. Host/local_checks_enabled
      # is not listed here; it is tested explicitly after this block.
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    # Preconditions: each failed test ends the plugin through audit() with the
    # matching reason, so the order of these lines decides which reason is reported.
    # Local checks need host data gathered earlier and stored in the KB.
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    # Anchored match: only exactly "9.10" or "10.04" is accepted; any other
    # Ubuntu release is audited out as not covered by this plugin.
    if (! preg(pattern:"^(9\.10|10\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 9.10 / 10.04", "Ubuntu " + release);
    # Without the stored dpkg listing there is nothing to compare versions against.
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # Architecture gate: proceeds only when cpu contains "x86_64" or matches
    # i386-i686; every other architecture is reported as not implemented.
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    # Counts how many ubuntu_check() calls returned true.
    flag = 0;
    
    # One check per (release, package) pair. ubuntu_check() is defined in
    # ubuntu.inc, not shown here; presumably it returns true when the installed
    # package is older than pkgver - confirm against that include.
    # NOTE(review): this is a package-version test only. It does not read sudoers,
    # so it cannot tell whether a Runas group entry (the precondition for
    # CVE-2010-2956) is actually configured on a flagged host.
    if (ubuntu_check(osver:"9.10", pkgname:"sudo", pkgver:"1.7.0-1ubuntu2.5")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"sudo-ldap", pkgver:"1.7.0-1ubuntu2.5")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"sudo", pkgver:"1.7.2p1-1ubuntu5.2")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"sudo-ldap", pkgver:"1.7.2p1-1ubuntu5.2")) flag++;
    
    if (flag)
    {
      # At least one check matched: emit a single host-level finding (port 0) at
      # warning severity, with the text from ubuntu_report_get() as detail.
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      # Nothing matched: report "not affected" when ubuntu_pkg_tests_get()
      # returns a non-empty value, otherwise "not installed".
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sudo / sudo-ldap");
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2010-0675.NASL
    description: An updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sudo handled Runas specifications containing both a user and a group list. If a local user were authorized by the sudoers file to perform their sudo commands with the privileges of a specified user and group, they could use this flaw to run those commands with the privileges of either an arbitrary user or group on the system. (CVE-2010-2956) Red Hat would like to thank Markus Wuethrich of Swiss Post - PostFinance for reporting this issue. Users of sudo should upgrade to this updated package, which contains a backported patch to correct this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 49128
    published: 2010-09-08
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/49128
    title: RHEL 5 : sudo (RHSA-2010:0675)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2010:0675. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    # Registration pass: when `description` is set the plugin only declares its
    # metadata (IDs, references, CVSS vector, dependencies) and then exits, so
    # none of the package checks further down run in this pass.
    if (description)
    {
      script_id(49128);
      script_version ("1.17");
      script_cvs_date("Date: 2019/10/25 13:36:15");
    
      # Cross-references: the CVE and the Red Hat advisory this check maps to.
      script_cve_id("CVE-2010-2956");
      script_xref(name:"RHSA", value:"2010:0675");
    
      script_name(english:"RHEL 5 : sudo (RHSA-2010:0675)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      # Advisory text carried verbatim from RHSA-2010:0675 (see the file header).
      script_set_attribute(
        attribute:"description", 
        value:
    "An updated sudo package that fixes one security issue is now available
    for Red Hat Enterprise Linux 5.
    
    The Red Hat Security Response Team has rated this update as having
    important security impact. A Common Vulnerability Scoring System
    (CVSS) base score, which gives a detailed severity rating, is
    available from the CVE link in the References section.
    
    The sudo (superuser do) utility allows system administrators to give
    certain users the ability to run commands as root.
    
    A flaw was found in the way sudo handled Runas specifications
    containing both a user and a group list. If a local user were
    authorized by the sudoers file to perform their sudo commands with the
    privileges of a specified user and group, they could use this flaw to
    run those commands with the privileges of either an arbitrary user or
    group on the system. (CVE-2010-2956)
    
    Red Hat would like to thank Markus Wuethrich of Swiss Post -
    PostFinance for reporting this issue.
    
    Users of sudo should upgrade to this updated package, which contains a
    backported patch to correct this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-2956"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2010:0675"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected sudo package.");
      # CVSS v2 base vector: local access, high access complexity, no
      # authentication, complete confidentiality / integrity / availability impact.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C");
    
      # Declared as a "local" plugin; the check section reads host data from the
      # knowledge base rather than probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      # CPEs: the affected package and the Red Hat Enterprise Linux major release.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sudo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
    
      # NOTE(review): vuln_publication_date (2010/09/10) is later than
      # patch_publication_date (2010/09/07); values are kept as published.
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/09/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/09/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/09/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      # ssh_get_info.nasl must run first; presumably it populates the Host/* KB
      # entries required below - confirm against that plugin.
      script_dependencies("ssh_get_info.nasl");
      # KB keys that must exist for this plugin to run. Host/RedHat/yum-updateinfo
      # is read later but is optional, so it is not listed here.
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    # Preconditions: each failed test ends the plugin through audit() with the
    # matching reason, so the order of these lines decides which reason is reported.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    # The release string must be present and contain "Red Hat".
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    # Capture the numeric version (major, optionally .minor) from the release banner.
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    # Accept "5" or "5.<minor>" only; the [^0-9] guard rejects versions such as "50".
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);
    
    # Without the stored rpm listing there is nothing to compare versions against.
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # Architecture gate: proceeds only when cpu contains "x86_64" or "s390", or
    # matches i386-i686; every other architecture is reported as not implemented.
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    # Two detection paths. When yum updateinfo data is present in the KB, the
    # verdict comes from that data alone; the rpm_check() comparison below runs
    # only when no updateinfo data was collected.
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2010:0675";
      # redhat_generate_yum_updateinfo_report() is not shown here; presumably it
      # returns report text when the host's updateinfo lists this advisory as
      # outstanding - confirm against the include that defines it.
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        # Empty report: the host is audited out as not affected by the advisory.
        # NOTE(review): no rpm_check() cross-check happens on this path, so the
        # result is only as accurate as the updateinfo data gathered from the host.
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      # Counts how many rpm_check() calls returned true.
      flag = 0;
      # Same reference package for each supported architecture. rpm_check() is
      # defined in rpm.inc, not shown here; presumably it returns true when the
      # installed sudo is older than the reference - confirm against that include.
      # NOTE(review): this is a package-version test only. It does not read sudoers,
      # so it cannot tell whether a Runas group entry (the precondition for
      # CVE-2010-2956) is actually configured on a flagged host.
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"sudo-1.7.2p1-8.el5_5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"sudo-1.7.2p1-8.el5_5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"sudo-1.7.2p1-8.el5_5")) flag++;
    
      if (flag)
      {
        # At least one check matched: emit a single host-level finding (port 0) at
        # warning severity, with the rpm report plus the Red Hat package caveat text.
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        # Nothing matched: report "not affected" when pkg_tests_get() returns a
        # non-empty value, otherwise "not installed".
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sudo");
      }
    }
    
  • NASL family: Misc.
    NASL id: VMWARE_VMSA-2011-0001_REMOTE.NASL
    description: The remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including arbitrary code execution vulnerabilities, in several third-party components and libraries : - glibc - glibc-common - nscd - openldap - sudo
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 89673
    published: 2016-03-04
    reporter: This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/89673
    title: VMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0001) (remote check)
  • NASL family: VMware ESX Local Security Checks
    NASL id: VMWARE_VMSA-2011-0001.NASL
    description: a. Service Console update for glibc The service console packages glibc, glibc-common, and nscd are each updated to version 2.5-34.4908.vmw. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3847 and CVE-2010-3856 to the issues addressed in this update. b. Service Console update for sudo The service console package sudo is updated to version 1.7.2p1-8.el5_5. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-2956 to the issue addressed in this update. c. Service Console update for openldap The service console package openldap is updated to version 2.3.43-12.el5_5.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0211 and CVE-2010-0212 to the issues addressed in this update.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 51422
    published: 2011-01-06
    reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/51422
    title: VMSA-2011-0001 : VMware ESX third-party updates for Service Console packages glibc, sudo, and openldap
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2010-0675.NASL
    description: From Red Hat Security Advisory 2010:0675 : An updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sudo handled Runas specifications containing both a user and a group list. If a local user were authorized by the sudoers file to perform their sudo commands with the privileges of a specified user and group, they could use this flaw to run those commands with the privileges of either an arbitrary user or group on the system. (CVE-2010-2956) Red Hat would like to thank Markus Wuethrich of Swiss Post - PostFinance for reporting this issue. Users of sudo should upgrade to this updated package, which contains a backported patch to correct this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 68093
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/68093
    title: Oracle Linux 5 : sudo (ELSA-2010-0675)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_2_SUDO-100907.NASL
    description: sudo
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 49168
    published: 2010-09-09
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/49168
    title: openSUSE Security Update : sudo (openSUSE-SU-2010:0591-1)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2010-14184.NASL
    description: - update to new upstream version - sudo now uses /var/db/sudo for timestamps - new command available: sudoreplay - use native audit support - corrected license field value: BSD -> ISC - fixes CVE-2010-2956 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 49240
    published: 2010-09-16
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/49240
    title: Fedora 14 : sudo-1.7.4p4-1.fc14 (2010-14184)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_3_SUDO-100907.NASL
    description: sudo
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 75750
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/75750
    title: openSUSE Security Update : sudo (openSUSE-SU-2010:0591-1)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2010-14355.NASL
    description: - update to new upstream version - sudo now uses /var/db/sudo for timestamps - new command available: sudoreplay - use native audit support - corrected license field value: BSD -> ISC - added env_keep += HOME (see rhbz#614025) for backwards compatibility - added Defaults !visiblepw - fixes CVE-2010-2956 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 49197
    published: 2010-09-12
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/49197
    title: Fedora 13 : sudo-1.7.4p4-1.fc13 (2010-14355)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20100907_SUDO_ON_SL5_X.NASL
    description: A flaw was found in the way sudo handled Runas specifications containing both a user and a group list. If a local user were authorized by the sudoers file to perform their sudo commands with the privileges of a specified user and group, they could use this flaw to run those commands with the privileges of either an arbitrary user or group on the system. (CVE-2010-2956)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60854
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60854
    title: Scientific Linux Security Update : sudo on SL5.x i386/x86_64
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_67B514C3BA8F11DF8F6E000C29A67389.NASL
    description: Todd Miller reports : Beginning with sudo version 1.7.0 it has been possible to grant permission to run a command using a specified group via sudo -g option (run as group). A flaw exists in the logic that matches Runas groups in the sudoers file when the -u option is also specified (run as user). This flaw results in a positive match for the user specified via -u so long as the group specified via -g is allowed by the sudoers file. Exploitation of the flaw requires that Sudo be configured with sudoers entries that contain a Runas group. Entries that do not contain a Runas group, or only contain a Runas user are not affected.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 49123
    published: 2010-09-08
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/49123
    title: FreeBSD : sudo -- Flaw in Runas group matching (67b514c3-ba8f-11df-8f6e-000c29a67389)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2010-14996.NASL
    description: - reset $HOME when the `-i [description truncated in source]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 49721
    published: 2010-10-06
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/49721
    title: Fedora 12 : sudo-1.7.4p4-2.fc12 (2010-14996)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201009-03.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201009-03 (sudo: Privilege Escalation) Multiple vulnerabilities have been reported in sudo: Evan Broder and Anders Kaseorg of Ksplice, Inc. reported that the sudo [description truncated in source]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 49124
    published: 2010-09-08
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/49124
    title: GLSA-201009-03 : sudo: Privilege Escalation
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2010-175.NASL
    description: A vulnerability has been found and corrected in sudo : Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a -u root sequence (CVE-2010-2956). The updated packages have been patched to correct this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 49205
    published: 2010-09-13
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/49205
    title: Mandriva Linux Security Advisory : sudo (MDVSA-2010:175)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2010-0675.NASL
    description: An updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sudo handled Runas specifications containing both a user and a group list. If a local user were authorized by the sudoers file to perform their sudo commands with the privileges of a specified user and group, they could use this flaw to run those commands with the privileges of either an arbitrary user or group on the system. (CVE-2010-2956) Red Hat would like to thank Markus Wuethrich of Swiss Post - PostFinance for reporting this issue. Users of sudo should upgrade to this updated package, which contains a backported patch to correct this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 49203
    published: 2010-09-13
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/49203
    title: CentOS 5 : sudo (CESA-2010:0675)
  • NASL family: Slackware Local Security Checks
    NASL id: SLACKWARE_SSA_2010-257-02.NASL
    description: New sudo packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 49230
    published: 2010-09-15
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/49230
    title: Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 8.1 / 9.0 / 9.1 / current : sudo (SSA:2010-257-02)

Redhat

advisories
bugzilla
id: 628628
title: CVE-2010-2956 sudo: incorrect handling of RunAs specification with both user and group lists
oval
OR
  • comment: Red Hat Enterprise Linux must be installed
    oval: oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment: Red Hat Enterprise Linux 5 is installed
      oval: oval:com.redhat.rhba:tst:20070331005
    • comment: sudo is earlier than 0:1.7.2p1-8.el5_5
      oval: oval:com.redhat.rhsa:tst:20100675001
    • comment: sudo is signed with Red Hat redhatrelease key
      oval: oval:com.redhat.rhsa:tst:20090267002
rhsa
id: RHSA-2010:0675
released: 2010-09-07
severity: Important
title: RHSA-2010:0675: sudo security update (Important)
rpms
  • sudo-0:1.7.2p1-8.el5_5
  • sudo-debuginfo-0:1.7.2p1-8.el5_5