NVD

Id
7149  
Name
CVE-2011-0010  
Description
check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.  
Reject
 
CVSS Version
2  
CVSS Score
4.4  
Severity
Medium  
CVSS Base Score
4.4  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
3.4  
CVSS Vector
(AV:L/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-07  
Published
2011-01-18  
Modified Date
2011-08-26  
Seq
2011-0010  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
39991 7149 CVE-2011-0010 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609641  View
39992 7149 CVE-2011-0010 FEDORA-2011-0470  View
39993 7149 CVE-2011-0010 FEDORA-2011-0455  View
39994 7149 CVE-2011-0010 SUSE-SR:2011:002  View
39995 7149 CVE-2011-0010 [oss-security] 20110111 CVE request: sudo does not ask for password on GID changes  View
39996 7149 CVE-2011-0010 [oss-security] 20110112 Re: CVE request: sudo does not ask for password on GID changes  View
39997 7149 CVE-2011-0010 [oss-security] 20110112 Re: CVE request: sudo does not ask for password on GID changes  View
39998 7149 CVE-2011-0010 SSA:2011-041-05  View
39999 7149 CVE-2011-0010 MDVSA-2011:018  View
40000 7149 CVE-2011-0010 RHSA-2011:0599  View
40001 7149 CVE-2011-0010 45774  View
40002 7149 CVE-2011-0010 http://www.sudo.ws/repos/sudo/rev/07d1b0ce530e  View
40003 7149 CVE-2011-0010 http://www.sudo.ws/repos/sudo/rev/fe8a94f96542  View
40004 7149 CVE-2011-0010 http://www.sudo.ws/sudo/alerts/runas_group_pw.html  View
40005 7149 CVE-2011-0010 USN-1046-1  View
40006 7149 CVE-2011-0010 ADV-2011-0089  View
40007 7149 CVE-2011-0010 ADV-2011-0182  View
40008 7149 CVE-2011-0010 ADV-2011-0195  View
40009 7149 CVE-2011-0010 ADV-2011-0199  View
40010 7149 CVE-2011-0010 ADV-2011-0212  View
40011 7149 CVE-2011-0010 ADV-2011-0362  View
40012 7149 CVE-2011-0010 sudo-groupid-privilege-escalation(64636)  View
40013 7149 CVE-2011-0010 https://bugzilla.redhat.com/show_bug.cgi?id=668879  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
31419 JVNDB-2011-001659 sudo の check.c における認証要求を回避される脆弱性 sudo の check.c は、Runas group が設定されている際、gid の変更を行うコマンド実行に対するパスワードの入力を要求しないため、認証要求を回避される脆弱性が存在します。 CVE-2011-0010 47917 CVE-2011-0010 7149 4.4 http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001659.html 2011-01-18 2011-05-31 View