Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a -u root sequence.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Sudo | Todd_miller | 1.7.2p4 | 1.7.2p4 |
Sudo | Todd_miller | 1.7.0 | 1.7.0 |
Sudo | Todd_miller | 1.7.4p2 | 1.7.4p2 |
Sudo | Todd_miller | 1.7.1 | 1.7.1 |
Sudo | Todd_miller | 1.7.2p2 | 1.7.2p2 |
Sudo | Todd_miller | 1.7.2p7 | 1.7.2p7 |
Sudo | Todd_miller | 1.7.2 | 1.7.2 |
Sudo | Todd_miller | 1.7.4 | 1.7.4 |
Sudo | Todd_miller | 1.7.4p3 | 1.7.4p3 |
Sudo | Todd_miller | 1.7.3b1 | 1.7.3b1 |
Sudo | Todd_miller | 1.7.2p1 | 1.7.2p1 |
Sudo | Todd_miller | 1.7.2p3 | 1.7.2p3 |
Sudo | Todd_miller | 1.7.2p5 | 1.7.2p5 |
Sudo | Todd_miller | 1.7.4p1 | 1.7.4p1 |
Sudo | Todd_miller | 1.7.2p6 | 1.7.2p6 |