CVE-2011-0010
published 2011-01-18CVE-2011-0010: check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid…
medium4.4CVSS 3.1
AVLACMAuNCPIPAP
check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | sudo | < sudo 1.7.4p4-6 (bookworm) | sudo 1.7.4p4-6 (bookworm) |
| sudo_project | sudo | >= 0 < 1.7.4p4-6 | 1.7.4p4-6 |
| sudo_project | sudo | >= 0 < 1.7.4p4-6 | 1.7.4p4-6 |
| sudo_project | sudo | >= 0 < 1.7.4p4-6 | 1.7.4p4-6 |
| sudo_project | sudo | >= 0 < 1.7.4p4-6 | 1.7.4p4-6 |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
CVSS provenance
nvd4.4MEDIUMAV:L/AC:M/Au:N/C:P/I:P/A:P
osv4.4MEDIUM