Mandriva Linux Security Advisory 2010-049 – sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user’s home directory. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/86727/MDVSA-2010-049.txt
Source: https://packetstormsecurity.com/files/86727/Mandriva-Linux-Security-Advisory-2010-049.html