Debian Linux Security Advisory 4543-1 - Joe Vennix discovered that sudo, a program designed to provide limited super user privileges to specific users, when configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, allows to run commands as root by specifying the user ID - -1 or 4294967295. This could allow a user with sufficient sudo privileges to run commands as root even if the Runas specification explicitly disallows root access.
4971069c0d651dcd9257a909634aa8a058965dd724849b1ac7aaac423b42c35e