Sudo flaw discovered in “runas” restrictions

By GIXnews

A newly discovered and serious flaw in the sudo command can, if exploited, enable users to run commands as root even though the rules in the /etc/sudoers file specifically disallow them from doing so.

Updating sudo to version 1.8.28 should address the problem, and Linux admins are encouraged to do so as soon as possible.

How the flaw might be exploited depends on specific privileges granted in the /etc/sudoers file. A rule that allows a user to edit files as any user except root, for example, would actually allow that user to edit files as root as well. In this case, the flaw could lead to very serious problems.
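To find out whether a host carries the kind of rule described above, an admin can audit the sudoers policy for Runas specifications that grant every user while negating root, and compare the installed version against 1.8.28. The following is an added example, not code from the article or from the sudo project; the `(ALL, !root)` spelling of "any user except root", the sample rules, and the function names are assumptions made for illustration.

```python
import re

FIXED = (1, 8, 28)  # release the article says addresses the flaw

# Constructed sample sudoers content; users and commands are made up.
SAMPLE_SUDOERS = """\
Runas_Alias NOTROOT = ALL, !root
alice ALL = (ALL, !root) /usr/bin/vi   # any user except root
bob   ALL = (ALL) /usr/bin/systemctl
carol ALL = (www-data) /usr/bin/less
dave  ALL = (NOTROOT) \\
            /usr/bin/vi
erin  ALL = (ALL, !#0 : adm) NOPASSWD: /usr/bin/id
"""

def is_patched(version_line):
    """True if the first line of `sudo -V` reports 1.8.28 or newer."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_line)
    if not m:
        raise ValueError("no sudo version in %r" % version_line)
    return tuple(map(int, m.groups())) >= FIXED

def _all_but_root(user_list, aliases=()):
    """True for a runas user list meaning 'everyone, with root negated'."""
    items = [i.strip() for i in user_list.split(",")]
    negated_root = any(re.fullmatch(r"!\s*(root|#0)", i) for i in items)
    return any(i in aliases for i in items) or ("ALL" in items and negated_root)

def risky_rules(sudoers_text):
    """Return the rules whose Runas spec relies on excluding root."""
    joined = sudoers_text.replace("\\\n", " ")            # continuation lines
    lines = [re.sub(r"#(?!\d).*", "", l).strip() for l in joined.splitlines()]
    aliases = set()
    for line in lines:                                     # pass 1: Runas_Alias
        m = re.match(r"Runas_Alias\s+(.*)", line)
        for definition in (m.group(1).split(":") if m else []):
            name, _, members = definition.partition("=")
            if _all_but_root(members):
                aliases.add(name.strip())
    hits = []
    for line in lines:                                     # pass 2: user specs
        specs = re.findall(r"\(([^)]*)\)", line)
        if any(_all_but_root(s.split(":", 1)[0], aliases) for s in specs):
            hits.append(" ".join(line.split()))
    return hits

if __name__ == "__main__":
    for rule in risky_rules(SAMPLE_SUDOERS):
        print("review:", rule)
```

The scan does not follow `#include` or `#includedir` directives, so files under /etc/sudoers.d have to be passed in separately. Distribution packages may carry the fix under an older upstream version number, so treat `is_patched` as a first-pass check.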

