CVE - CVE-2011-0010

CVE-ID
CVE-2011-0010	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:42886 URL:http://secunia.com/advisories/42886 MISC:42949 URL:http://secunia.com/advisories/42949 MISC:42968 URL:http://secunia.com/advisories/42968 MISC:43068 URL:http://secunia.com/advisories/43068 MISC:43282 URL:http://secunia.com/advisories/43282 MISC:45774 URL:http://www.securityfocus.com/bid/45774 MISC:70400 URL:~~http://www.osvdb.org/70400~~ (Obsolete source) MISC:ADV-2011-0089 URL:~~http://www.vupen.com/english/advisories/2011/0089~~ (Obsolete source) MISC:ADV-2011-0182 URL:~~http://www.vupen.com/english/advisories/2011/0182~~ (Obsolete source) MISC:ADV-2011-0195 URL:~~http://www.vupen.com/english/advisories/2011/0195~~ (Obsolete source) MISC:ADV-2011-0199 URL:~~http://www.vupen.com/english/advisories/2011/0199~~ (Obsolete source) MISC:ADV-2011-0212 URL:~~http://www.vupen.com/english/advisories/2011/0212~~ (Obsolete source) MISC:ADV-2011-0362 URL:~~http://www.vupen.com/english/advisories/2011/0362~~ (Obsolete source) MISC:FEDORA-2011-0455 URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053341.html MISC:FEDORA-2011-0470 URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053263.html MISC:GLSA-201203-06 URL:http://security.gentoo.org/glsa/glsa-201203-06.xml MISC:MDVSA-2011:018 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2011:018~~ (Obsolete source) MISC:RHSA-2011:0599 URL:http://www.redhat.com/support/errata/RHSA-2011-0599.html MISC:SSA:2011-041-05 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.593654 MISC:SUSE-SR:2011:002 URL:http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html MISC:USN-1046-1 URL:http://www.ubuntu.com/usn/USN-1046-1 MISC:[oss-security] 20110111 CVE request: sudo does not ask for password on GID changes URL:http://openwall.com/lists/oss-security/2011/01/11/3 MISC:[oss-security] 20110112 Re: CVE request: sudo does not ask for password on GID changes URL:http://openwall.com/lists/oss-security/2011/01/12/1 MISC:[oss-security] 20110112 Re: CVE request: sudo does not ask for password on GID changes URL:http://openwall.com/lists/oss-security/2011/01/12/3 MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609641 URL:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609641 MISC:http://www.sudo.ws/repos/sudo/rev/07d1b0ce530e URL:http://www.sudo.ws/repos/sudo/rev/07d1b0ce530e MISC:http://www.sudo.ws/repos/sudo/rev/fe8a94f96542 URL:http://www.sudo.ws/repos/sudo/rev/fe8a94f96542 MISC:http://www.sudo.ws/sudo/alerts/runas_group_pw.html URL:http://www.sudo.ws/sudo/alerts/runas_group_pw.html MISC:https://bugzilla.redhat.com/show_bug.cgi?id=668879 URL:https://bugzilla.redhat.com/show_bug.cgi?id=668879 MISC:sudo-groupid-privilege-escalation(64636) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64636
Assigning CNA
Red Hat, Inc.
Date Record Created
20101207	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20101207)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)