以下是从该网页截图获取到的关于漏洞的关键信息,以简洁的Markdown格式展示: USN-983-1: Sudo Vulnerability Publication Date: September 7, 2010 Overview: Under non-default configurations, a local user could run programs with administrator privileges. Releases: - 10.04 - 9.10 Packages sudo: Provide limited super user privileges to specific users Details Markus Wuethrich discovered that sudo did not always verify the user when a group was specified in the Runas_Spec. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use a program as a group when the attacker was not a part of that group. Update Instructions In general, a standard system update will make all the necessary changes. The problem can be corrected by updating your system to the following package versions: - 9.10 (karmic): - sudo-ldap - 1.7.0-1ubuntu2.5 - sudo - 1.7.0-1ubuntu2.5 - 10.04 (lucid): - sudo-ldap - 1.7.2p1-1ubuntu5.2 - sudo - 1.7.2p1-1ubuntu5.2 References CVE-2010-2956 Additional Information Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines. For additional questions, users are encouraged to talk to a member of the team.