Welcome to WebmasterWorld Guest from 188.8.131.52
Forum Moderators: bakedjake
The quirk revolved around sudo's treatment of user IDs. If you typed the command with a user ID of -1 or its unsigned equivalent 4294967295, it would treat you as if you had root access (user ID 0) even as it recorded the actual user ID in the log. The user IDs in question don't exist in the password database, either, so the command won't require a password to use.
My server guy said that Cent OS 6 does not have access to the new version of SU, but said that I have nothing to worry about since we don't use it that way.
Exploiting the bug requires that the user have sudo privileges that allow them to run commands with an arbitrary user ID. Typically, this means that the user's sudoers entry has the special value ALL in the Runas specifier.