CVE-2011-0010 — Improper Update of Reference Count in Miller Sudo

CWE-264 CWE-911 — Improper Update of Reference Count CWE-190 — Integer Overflow or Wraparound CWE-416 — Use After Free CWE-414 — Missing Lock Check CWE-413 — Improper Resource Locking CWE-369 — Divide By Zero CWE-20 — Improper Input Validation CWE-476 — NULL Pointer Dereference28 documents9 sources

Severity

4.4MEDIUMNVD

EPSS

0.1%

top 70.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sudo Project Sudo Todd Miller Sudo

Timeline

PublishedJan 18

Latest updateFeb 26

Description

check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4

Affected Packages2 packages

▶Debiansudo_project/sudo< 1.7.4p4-6+3

▶NVDtodd_miller/sudo16 versions+15

Patches

Patch: openwall.com ↗Patch: openwall.com ↗Patch: www.sudo.ws ↗

🔴Vulnerability Details

GHSA

GHSA-mxvj-5g45-2vv5: check↗2022-05-03

▶

CVEList

CVE-2011-0010: check↗2011-01-18

▶

OSV

CVE-2011-0010: check↗2011-01-18

▶

📋Vendor Advisories

Red Hat

kernel: bpf: Fix a btf decl_tag bug when tagging a function↗2025-02-26

▶

Red Hat

kernel: ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path↗2024-07-16

▶

Red Hat

kernel: fs/proc: task_mmu.c: don't read mapcount for migration entry↗2024-07-16

▶

Red Hat

kernel: sch_cake: do not call cake_destroy() from cake_init()↗2024-06-19

▶

Red Hat

kernel: bpf: Add oversize check before call kvcalloc()↗2024-05-21

▶

💬Community

Bugzilla

CVE-2021-46915 kernel: netfilter: divide error in nft_limit_init↗2024-02-27

▶

Bugzilla

CVE-2011-0010 sudo: does not ask for password on GID changes [fedora-all]↗2011-01-13

▶

Bugzilla

CVE-2011-0010 sudo: does not ask for password on GID changes↗2011-01-11

▶