Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201203-06
HistoryMar 06, 2012 - 12:00 a.m.

sudo: Privilege escalation

2012-03-0600:00:00
Gentoo Foundation
security.gentoo.org
18

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

25.7%

JSON

Background

sudo allows a system administrator to give users the ability to run commands as other users.

Description

Two vulnerabilities have been discovered in sudo:

  • When the sudoers file is configured with a Runas group, sudo does not prompt for a password when changing to the new group (CVE-2011-0010).
  • A format string vulnerability exists in the “sudo_debug()” function (CVE-2012-0809).

Impact

A local attacker could possibly gain the ability to run arbitrary commands with the privileges of other users or groups, including root.

Workaround

There is no known workaround at this time.

Resolution

All sudo users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.8.3_p2"
OSVersionArchitecturePackageVersionFilename
Gentooanyallapp-admin/sudo< 1.8.3_p2UNKNOWN

Related

openvas 24
nessus 22
oraclelinux 2
cve 2
slackware 1
freebsd 2
prion 2
ubuntu 1
redhat 3
veracode 1
ubuntucve 2
securityvulns 2
debiancve 2
fedora 4
exploitpack 1
seebug 1
zdt 1
exploitdb 1
openvas
openvas
Gentoo Security Advisory GLSA 201203-06 (sudo)
2012-03-12 00:00:00
Gentoo Security Advisory GLSA 201203-06 (sudo)
2012-03-12 00:00:00
RedHat Update for sudo RHSA-2011:0599-01
2012-06-06 00:00:00
nessus
nessus
GLSA-201203-06 : sudo: Privilege escalation
2012-03-06 00:00:00
Scientific Linux Security Update : sudo on SL6.x i386/x86_64
2012-08-01 00:00:00
Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 8.1 / 9.0 / 9.1 / current : sudo (SSA:2011-041-05)
2011-02-11 00:00:00
oraclelinux
oraclelinux
sudo security and bug fix update
2011-05-28 00:00:00
sudo security and bug fix update
2012-03-01 00:00:00
cve
cve
CVE-2011-0010
2011-01-18 18:03:00
CVE-2012-0809
2012-02-01 00:55:00
slackware
slackware
[slackware-security] sudo
2011-02-11 01:18:11
freebsd
freebsd
sudo -- local privilege escalation
2011-01-11 00:00:00
sudo -- format string vulnerability
2012-01-30 00:00:00
prion
prion
Authentication flaw
2011-01-18 18:03:00
Format string
2012-02-01 00:55:00
ubuntu
ubuntu
Sudo vulnerability
2011-01-20 00:00:00
redhat
redhat
(RHSA-2012:0309) Low: sudo security and bug fix update
2012-02-21 00:00:00
(RHSA-2011:0599) Low: sudo security and bug fix update
2011-05-19 00:00:00
(RHSA-2012:0168) Important: rhev-hypervisor5 security and bug fix update
2012-02-21 00:00:00
veracode
veracode
Privilege Escalation
2020-04-10 01:01:50
ubuntucve
ubuntucve
CVE-2011-0010
2011-01-18 00:00:00
CVE-2012-0809
2012-02-01 00:00:00
securityvulns
securityvulns
[USN-1046-1] Sudo vulnerability
2011-01-20 00:00:00
sudo privilege escalation
2011-01-20 00:00:00
debiancve
debiancve
CVE-2011-0010
2011-01-18 18:03:00
CVE-2012-0809
2012-02-01 00:55:00
fedora
fedora
[SECURITY] Fedora 16 Update: sudo-1.8.3p1-2.fc16
2012-01-31 22:00:15
[SECURITY] Fedora 14 Update: sudo-1.7.4p5-1.fc14
2011-01-18 21:40:13
[SECURITY] Fedora 13 Update: sudo-1.7.4p5-1.fc13
2011-01-21 23:00:08
exploitpack
exploitpack
sudo 1.8.0 1.8.3p1 - sudo_debug glibc FORTIFY_SOURCE Bypass + Privilege Escalation
2013-05-01 00:00:00
seebug
seebug
sudo 1.8.0-1.8.3p1 (sudo_debug) - Root Exploit + glibc FORTIFY_SOURCE Bypass
2014-07-01 00:00:00
zdt
zdt
Sudo v1.8.0-1.8.3p1 (sudo_debug) - Root Exploit
2013-05-01 00:00:00
exploitdb
exploitdb
sudo 1.8.0 &lt; 1.8.3p1 - &#039;sudo_debug&#039; glibc FORTIFY_SOURCE Bypass + Privilege Escalation
2013-05-01 00:00:00

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

25.7%

JSON
Related for GLSA-201203-06
openvas24nessus22oraclelinux2cve2slackware1freebsd2prion2ubuntu1redhat3veracode1ubuntucve2securityvulns2debiancve2fedora4exploitpack1seebug1zdt1exploitdb1