18 matches found
SUSE CVE-2010-2956
Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence...
SUSE CVE-2011-0010
check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command...
GLSA-201203-06 : sudo: Privilege escalation
The remote host is affected by the vulnerability described in GLSA-201203-06 sudo: Privilege escalation Two vulnerabilities have been discovered in sudo: When the sudoers file is configured with a Runas group, sudo does not prompt for a password when changing to the new group CVE-2011-0010. A...
sudo: does not ask for password on GID changes
check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command...
sudo: does not ask for password on GID changes
check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command...
Mandriva Linux Security Advisory : sudo (MDVSA-2011:018)
Multiple vulnerabilities has been found and corrected in sudo : A a patch for parse.c in sudo does not properly interpret a system group aka %group in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers...
Mandriva Update for sudo MDVSA-2011:018 (sudo)
Check for the Version of sudo OpenVAS Vulnerability Test Mandriva Update for sudo MDVSA-2011:018 sudo Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...
CVE-2011-0010
check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command...
DEBIAN-CVE-2011-0010
check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command...
CVE-2011-0010
check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command...
CVE-2011-0010
check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command...
Mandriva Update for sudo MDVSA-2010:175 (sudo)
Check for the Version of sudo OpenVAS Vulnerability Test Mandriva Update for sudo MDVSA-2010:175 sudo Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...
DEBIAN-CVE-2010-2956
Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence...
Design/Logic Flaw
Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence...
CVE-2010-2956
CVE-2010-2956 affects sudo 1.7.0–1.7.4p3 where configuring a Runas group and using -u with -g allows local privilege escalation via a crafted command line. The connected advisories (openSUSE, SUSE, Slackware, Scientific Linux, Oracle Linux, VMware/OpenVAS, MiracleLinux AXSA-2010-437:05) reference...
FreeBSD : sudo -- Flaw in Runas group matching (67b514c3-ba8f-11df-8f6e-000c29a67389)
Todd Miller reports : Beginning with sudo version 1.7.0 it has been possible to grant permission to run a command using a specified group via sudo -g option run as group. A flaw exists in the logic that matches Runas groups in the sudoers file when the -u option is also specified run as user. Thi...
sudo -- Flaw in Runas group matching
Todd Miller reports: Beginning with sudo version 1.7.0 it has been possible to grant permission to run a command using a specified group via sudo -g option run as group. A flaw exists in the logic that matches Runas groups in the sudoers file when the -u option is also specified run as user. This...
CVE-2010-2956
Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence...