Vulnerability in Todd_miller Sudo
CVE-2011-0010
check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requireme…
EPSS: 0.001 (percentile 29.3)
Affected products
- Todd_miller Sudo — versions 1.7.0, 1.7.1, 1.7.2
References
- ADV-2011-0362 (vdb-entry, x_refsource_VUPEN)
- secalert@redhat.com (x_refsource_CONFIRM)
- 43068 (x_refsource_SECUNIA, third-party-advisory)
- GLSA-201203-06 (vendor-advisory, x_refsource_GENTOO)
- SSA:2011-041-05 (vendor-advisory, x_refsource_SLACKWARE)
- MDVSA-2011:018 (vendor-advisory, x_refsource_MANDRIVA)
- secalert@redhat.com (Patch, x_refsource_MISC)
- ADV-2011-0089 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
- ADV-2011-0212 (vdb-entry, x_refsource_VUPEN)
- 42949 (x_refsource_SECUNIA, third-party-advisory)