CVE-2011-0008

6 documents6 sources
Severity
6.9MEDIUM
EPSS
0.0%
top 85.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Todd Miller Sudo
Timeline
PublishedJan 20
Latest updateMay 3

Description

A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages1 packages

โ–ถNVDtodd_miller/sudo1.7.4p5+113

Patches

Patch: bugzilla.redhat.com โ†—Patch: bugzilla.redhat.com โ†—

๐Ÿ”ดVulnerability Details

2
GHSA
GHSA-p276-77q6-c7jq: A certain Fedora patch for parseโ†—2022-05-03
โ–ถ
CVEList
CVE-2011-0008: A certain Fedora patch for parseโ†—2011-01-20
โ–ถ

๐Ÿ“‹Vendor Advisories

2
Red Hat
sudo in Fedora vulnerable to CVE-2009-0034 again due to improper patch rediffโ†—2011-01-14
โ–ถ
Debian
CVE-2011-0008: sudo - A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 do...โ†—2011
โ–ถ

๐Ÿ’ฌCommunity

1
Bugzilla
CVE-2011-0008 sudo in Fedora vulnerable to CVE-2009-0034 again due to improper patch rediffโ†—2011-01-11
โ–ถ
CVE-2011-0008 (MEDIUM CVSS 6.9) | A certain Fedora patch for parse.c | cvebase.io