CVE-2011-0010

Related Files

Gentoo Linux Security Advisory 201203-06

Posted Mar 6, 2012

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201203-6 - Two vulnerabilities have been discovered in sudo, allowing local attackers to possibly gain escalated privileges. Versions less than 1.8.3_p2 are affected.

tags | advisory, local, vulnerability

systems | linux, gentoo

advisories | CVE-2011-0010, CVE-2012-0809

SHA-256 | 1a5fc85ff948260a7509a11c8d46123635e981c62090a8dc757d025322b5808d

Download | Favorite | View

Red Hat Security Advisory 2012-0309-03

Posted Feb 21, 2012

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0309-03 - The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the sudo password checking logic. In configurations where the sudoers settings allowed a user to run a command using sudo with only the group ID changed, sudo failed to prompt for the user's password before running the specified command with the elevated group privileges. Various other issues have also been addressed in this advisory.

tags | advisory, root

systems | linux, redhat

advisories | CVE-2011-0010

SHA-256 | a827591da4fea2ba8c870bb76c75ed69cda355d31fcd569f1ba1cd76fc27be43

Download | Favorite | View

Mandriva Linux Security Advisory 2011-018

Posted Jan 21, 2011

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-018 - A patch for parse.c in sudo does not properly interpret a system group in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression. check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.

tags | advisory, local, root

systems | linux, mandriva

advisories | CVE-2011-0008, CVE-2011-0010

SHA-256 | d8fd379e68953f4a687be7bb6ecff5da28e252ae6870a740003011ee2ac4751e

Download | Favorite | View

Ubuntu Security Notice USN-1046-1

Posted Jan 21, 2011

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1046-1 - Alexander Kurtz discovered that sudo would not prompt for a password when a group was specified in the Runas_Spec. A local attacker could exploit this to execute arbitrary code as the specified group if sudo was configured to allow the attacker to use a program as this group. The group Runas_Spec is not used in the default installation of Ubuntu.

tags | advisory, arbitrary, local

systems | linux, ubuntu

advisories | CVE-2011-0010

SHA-256 | cbd17cefa0607c1ef33b6ed2f963d362ae7aa92f029fde75d8d407dd186609fa

Download | Favorite | View