

sudo privilege escalation
Published: 20.01.2011
Source:
SecurityVulns ID: 11367
Type: local
Threat Level: 5/10
Description: Under some conditions it's possible to execute code with group rights.
Affected: SUDO : sudo 1.7
CVE: CVE-2011-0010 (check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.)
 CVE-2011-0008 (A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression.)
 CVE-2009-0034 (parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command.)
Original document: UBUNTU, [USN-1046-1] Sudo vulnerability (20.01.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod