Vulnerability in Todd_miller Sudo

CVE-2011-0008

A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows loc…

EPSS: 0.000 (14.8th percentile) — read the EPSS interpretation.

Affected products

Todd_miller Sudo — versions 1.3.1, 1.5, 1.5.2
Redhat Fedora — versions 14
N/a — versions n/a

References

MDVSA-2011:018 (vendor-advisory, x_refsource_MANDRIVA)
FEDORA-2011-0470 (x_refsource_FEDORA, vendor-advisory)
ADV-2011-0199 (vdb-entry, x_refsource_VUPEN)
secalert@redhat.com (x_refsource_CONFIRM, Patch)
sudo-parse-privilege-escalation(64965) (vdb-entry, x_refsource_XF)
FEDORA-2011-0455 (x_refsource_FEDORA, vendor-advisory)
ADV-2011-0195 (vdb-entry, x_refsource_VUPEN)
42968 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)