CVE Vulnerabilities

CVE-2011-0010

Published: Jan 18, 2011 | Modified: Jan 05, 2018
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 4.4 MEDIUM (AV:L/AC:M/Au:N/C:P/I:P/A:P)

check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.

Affected Software

Name Vendor Start Version End Version
Sudo Todd_miller 1.7.2p4 1.7.2p4
Sudo Todd_miller 1.7.0 1.7.0
Sudo Todd_miller 1.7.4p2 1.7.4p2
Sudo Todd_miller 1.7.1 1.7.1
Sudo Todd_miller 1.7.2p2 1.7.2p2
Sudo Todd_miller 1.7.2p7 1.7.2p7
Sudo Todd_miller 1.7.2 1.7.2
Sudo Todd_miller 1.7.4 1.7.4
Sudo Todd_miller 1.7.4p3 1.7.4p3
Sudo Todd_miller 1.7.3b1 1.7.3b1
Sudo Todd_miller 1.7.2p1 1.7.2p1
Sudo Todd_miller 1.7.2p3 1.7.2p3
Sudo Todd_miller 1.7.4p4 1.7.4p4
Sudo Todd_miller 1.7.2p5 1.7.2p5
Sudo Todd_miller 1.7.4p1 1.7.4p1
Sudo Todd_miller 1.7.2p6 1.7.2p6

References