Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-1046-1
HistoryJan 20, 2011 - 12:00 a.m.

Sudo vulnerability

2011-01-2000:00:00
ubuntu.com
34

7.8 High

AI Score

Confidence

High

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0005 Low

EPSS

Percentile

15.8%

JSON

Releases

  • Ubuntu 10.10
  • Ubuntu 10.04
  • Ubuntu 9.10

Packages

  • sudo - Provide limited super user privileges to specific users

Details

Alexander Kurtz discovered that sudo would not prompt for a password when
a group was specified in the Runas_Spec. A local attacker could exploit
this to execute arbitrary code as the specified group if sudo was
configured to allow the attacker to use a program as this group. The group
Runas_Spec is not used in the default installation of Ubuntu.

OSVersionArchitecturePackageVersionFilename
Ubuntu9.10noarchsudo-ldap< 1.7.0-1ubuntu2.6UNKNOWN
Ubuntu9.10noarchsudo< 1.7.0-1ubuntu2.6UNKNOWN
Ubuntu10.10noarchsudo-ldap< 1.7.2p7-1ubuntu2.1UNKNOWN
Ubuntu10.10noarchsudo< 1.7.2p7-1ubuntu2.1UNKNOWN
Ubuntu10.04noarchsudo-ldap< 1.7.2p1-1ubuntu5.3UNKNOWN
Ubuntu10.04noarchsudo< 1.7.2p1-1ubuntu5.3UNKNOWN

Related

oraclelinux 2
nessus 19
openvas 20
cve 1
freebsd 1
slackware 1
prion 1
redhat 3
securityvulns 2
debiancve 1
veracode 1
ubuntucve 1
fedora 2
gentoo 1
oraclelinux
oraclelinux
sudo security and bug fix update
2011-05-28 00:00:00
sudo security and bug fix update
2012-03-01 00:00:00
nessus
nessus
Scientific Linux Security Update : sudo on SL6.x i386/x86_64
2012-08-01 00:00:00
Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 8.1 / 9.0 / 9.1 / current : sudo (SSA:2011-041-05)
2011-02-11 00:00:00
Scientific Linux Security Update : sudo on SL5.x i386/x86_64 (20120221)
2012-08-01 00:00:00
openvas
openvas
RedHat Update for sudo RHSA-2011:0599-01
2012-06-06 00:00:00
RedHat Update for sudo RHSA-2012:0309-03
2012-02-21 00:00:00
FreeBSD Ports: sudo
2011-01-24 00:00:00
cve
cve
CVE-2011-0010
2011-01-18 18:03:00
freebsd
freebsd
sudo -- local privilege escalation
2011-01-11 00:00:00
slackware
slackware
[slackware-security] sudo
2011-02-11 01:18:11
prion
prion
Authentication flaw
2011-01-18 18:03:00
redhat
redhat
(RHSA-2011:0599) Low: sudo security and bug fix update
2011-05-19 00:00:00
(RHSA-2012:0309) Low: sudo security and bug fix update
2012-02-21 00:00:00
(RHSA-2012:0168) Important: rhev-hypervisor5 security and bug fix update
2012-02-21 00:00:00
securityvulns
securityvulns
[USN-1046-1] Sudo vulnerability
2011-01-20 00:00:00
sudo privilege escalation
2011-01-20 00:00:00
debiancve
debiancve
CVE-2011-0010
2011-01-18 18:03:00
veracode
veracode
Privilege Escalation
2020-04-10 01:01:50
ubuntucve
ubuntucve
CVE-2011-0010
2011-01-18 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: sudo-1.7.4p5-1.fc14
2011-01-18 21:40:13
[SECURITY] Fedora 13 Update: sudo-1.7.4p5-1.fc13
2011-01-21 23:00:08
gentoo
gentoo
sudo: Privilege escalation
2012-03-06 00:00:00

7.8 High

AI Score

Confidence

High

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0005 Low

EPSS

Percentile

15.8%

JSON
Related for USN-1046-1
oraclelinux2nessus19openvas20cve1freebsd1slackware1prion1redhat3securityvulns2debiancve1veracode1ubuntucve1fedora2gentoo1