CVE-2011-0010

Published: 18 January 2011

check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.

Notes

Author	Note
jdstrand	1.6 not affected

Priority

Status

Package	Release	Status
sudo Launchpad, Ubuntu, Debian	dapper	Not vulnerable
	hardy	Not vulnerable (1.6.9p10-1ubuntu3.8)
	karmic	Released (1.7.0-1ubuntu2.6)
	lucid	Released (1.7.2p1-1ubuntu5.3)
	maverick	Released (1.7.2p7-1ubuntu2.1)
	upstream	Released (1.7.4p5, 1.7.4p4-6)
	Patches: upstream: http://www.sudo.ws/repos/sudo/rev/fe8a94f96542 upstream: http://www.sudo.ws/repos/sudo/rev/07d1b0ce530e

References

http://www.sudo.ws/sudo/alerts/runas_group_pw.html
https://ubuntu.com/security/notices/USN-1046-1
https://www.cve.org/CVERecord?id=CVE-2011-0010
NVD
Launchpad
Debian

Bugs

https://bugzilla.redhat.com/show_bug.cgi?id=668879
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609641

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›