4.4

CVE-2011-0010

check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Todd MillerSudo Version1.7.0
Todd MillerSudo Version1.7.1
Todd MillerSudo Version1.7.2
Todd MillerSudo Version1.7.2p1
Todd MillerSudo Version1.7.2p2
Todd MillerSudo Version1.7.2p3
Todd MillerSudo Version1.7.2p4
Todd MillerSudo Version1.7.2p5
Todd MillerSudo Version1.7.2p6
Todd MillerSudo Version1.7.2p7
Todd MillerSudo Version1.7.3b1
Todd MillerSudo Version1.7.4
Todd MillerSudo Version1.7.4p1
Todd MillerSudo Version1.7.4p2
Todd MillerSudo Version1.7.4p3
Todd MillerSudo Version1.7.4p4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.5% 0.385
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.4 3.4 6.4
AV:L/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://secunia.com/advisories/43068
http://www.vupen.com/english/advisories/2011/0212
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609641
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053263.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053341.html
http://openwall.com/lists/oss-security/2011/01/11/3
Patch
http://openwall.com/lists/oss-security/2011/01/12/1
Patch
http://openwall.com/lists/oss-security/2011/01/12/3
http://secunia.com/advisories/42886
Vendor Advisory
http://secunia.com/advisories/42949
http://secunia.com/advisories/42968
http://secunia.com/advisories/43282
http://security.gentoo.org/glsa/glsa-201203-06.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.593654
http://www.mandriva.com/security/advisories?name=MDVSA-2011:018
http://www.osvdb.org/70400
http://www.redhat.com/support/errata/RHSA-2011-0599.html
http://www.securityfocus.com/bid/45774
http://www.sudo.ws/repos/sudo/rev/07d1b0ce530e
Patch
http://www.sudo.ws/repos/sudo/rev/fe8a94f96542
Patch
http://www.sudo.ws/sudo/alerts/runas_group_pw.html
http://www.ubuntu.com/usn/USN-1046-1
http://www.vupen.com/english/advisories/2011/0089
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0182
http://www.vupen.com/english/advisories/2011/0195
http://www.vupen.com/english/advisories/2011/0199
http://www.vupen.com/english/advisories/2011/0362
https://bugzilla.redhat.com/show_bug.cgi?id=668879
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/64636