A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.04 LTS:
In general, a standard system upgrade is sufficient to effect the
Harald Koenig discovered that sudo did not correctly handle certain
privilege changes when handling groups. If a local attacker belonged
to a group included in a "RunAs" list in the /etc/sudoers file, that
user could gain root privileges. This was not an issue for the default
sudoers file shipped with Ubuntu.