Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2011-0010
HistoryJan 18, 2011 - 12:00 a.m.

CVE-2011-0010

2011-01-1800:00:00
ubuntu.com
ubuntu.com
12

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0005 Low

EPSS

Percentile

15.8%

JSON

check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured,
does not require a password for command execution that involves a gid
change but no uid change, which allows local users to bypass an intended
authentication requirement via the -g option to a sudo command.

Bugs

Notes

Author Note
jdstrand 1.6 not affected
OSVersionArchitecturePackageVersionFilename
ubuntu9.10noarchsudo< 1.7.0-1ubuntu2.6UNKNOWN
ubuntu10.04noarchsudo< 1.7.2p1-1ubuntu5.3UNKNOWN
ubuntu10.10noarchsudo< 1.7.2p7-1ubuntu2.1UNKNOWN

Related

oraclelinux 2
nessus 19
openvas 20
cve 1
slackware 1
freebsd 1
prion 1
ubuntu 1
redhat 3
veracode 1
securityvulns 2
debiancve 1
fedora 2
gentoo 1
oraclelinux
oraclelinux
sudo security and bug fix update
2011-05-28 00:00:00
sudo security and bug fix update
2012-03-01 00:00:00
nessus
nessus
Scientific Linux Security Update : sudo on SL6.x i386/x86_64
2012-08-01 00:00:00
Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 8.1 / 9.0 / 9.1 / current : sudo (SSA:2011-041-05)
2011-02-11 00:00:00
Scientific Linux Security Update : sudo on SL5.x i386/x86_64 (20120221)
2012-08-01 00:00:00
openvas
openvas
RedHat Update for sudo RHSA-2011:0599-01
2012-06-06 00:00:00
RedHat Update for sudo RHSA-2012:0309-03
2012-02-21 00:00:00
FreeBSD Ports: sudo
2011-01-24 00:00:00
cve
cve
CVE-2011-0010
2011-01-18 18:03:00
slackware
slackware
[slackware-security] sudo
2011-02-11 01:18:11
freebsd
freebsd
sudo -- local privilege escalation
2011-01-11 00:00:00
prion
prion
Authentication flaw
2011-01-18 18:03:00
ubuntu
ubuntu
Sudo vulnerability
2011-01-20 00:00:00
redhat
redhat
(RHSA-2012:0309) Low: sudo security and bug fix update
2012-02-21 00:00:00
(RHSA-2011:0599) Low: sudo security and bug fix update
2011-05-19 00:00:00
(RHSA-2012:0168) Important: rhev-hypervisor5 security and bug fix update
2012-02-21 00:00:00
veracode
veracode
Privilege Escalation
2020-04-10 01:01:50
securityvulns
securityvulns
[USN-1046-1] Sudo vulnerability
2011-01-20 00:00:00
sudo privilege escalation
2011-01-20 00:00:00
debiancve
debiancve
CVE-2011-0010
2011-01-18 18:03:00
fedora
fedora
[SECURITY] Fedora 14 Update: sudo-1.7.4p5-1.fc14
2011-01-18 21:40:13
[SECURITY] Fedora 13 Update: sudo-1.7.4p5-1.fc13
2011-01-21 23:00:08
gentoo
gentoo
sudo: Privilege escalation
2012-03-06 00:00:00

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0005 Low

EPSS

Percentile

15.8%

JSON
Related for UB:CVE-2011-0010
oraclelinux2nessus19openvas20cve1slackware1freebsd1prion1ubuntu1redhat3veracode1securityvulns2debiancve1fedora2gentoo1