CVE-2011-0010

Published: Jan 18, 2011 | Modified: Jan 05, 2018
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 4.4 MEDIUM (AV:L/AC:M/Au:N/C:P/I:P/A:P)
RedHat/V2: 1.2 LOW (AV:L/AC:H/Au:N/C:N/I:P/A:N)
RedHat/V3
Ubuntu: MEDIUM

check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Sudo | Todd_miller | 1.7.0 (including) | 1.7.0 (including) |
| Sudo | Todd_miller | 1.7.1 (including) | 1.7.1 (including) |
| Sudo | Todd_miller | 1.7.2 (including) | 1.7.2 (including) |
| Sudo | Todd_miller | 1.7.2p1 (including) | 1.7.2p1 (including) |
| Sudo | Todd_miller | 1.7.2p2 (including) | 1.7.2p2 (including) |
| Sudo | Todd_miller | 1.7.2p3 (including) | 1.7.2p3 (including) |
| Sudo | Todd_miller | 1.7.2p4 (including) | 1.7.2p4 (including) |
| Sudo | Todd_miller | 1.7.2p5 (including) | 1.7.2p5 (including) |
| Sudo | Todd_miller | 1.7.2p6 (including) | 1.7.2p6 (including) |
| Sudo | Todd_miller | 1.7.2p7 (including) | 1.7.2p7 (including) |
| Sudo | Todd_miller | 1.7.3b1 (including) | 1.7.3b1 (including) |
| Sudo | Todd_miller | 1.7.4 (including) | 1.7.4 (including) |
| Sudo | Todd_miller | 1.7.4p1 (including) | 1.7.4p1 (including) |
| Sudo | Todd_miller | 1.7.4p2 (including) | 1.7.4p2 (including) |
| Sudo | Todd_miller | 1.7.4p3 (including) | 1.7.4p3 (including) |
| Sudo | Todd_miller | 1.7.4p4 (including) | 1.7.4p4 (including) |
| Red Hat Enterprise Linux 5 | RedHat | sudo-0:1.7.2p1-13.el5 | * |
| Red Hat Enterprise Linux 6 | RedHat | sudo-0:1.7.4p5-5.el6 | * |
| Sudo | Ubuntu | devel | * |
| Sudo | Ubuntu | karmic | * |
| Sudo | Ubuntu | lucid | * |
| Sudo | Ubuntu | maverick | * |
| Sudo | Ubuntu | upstream | * |

References