CVE-2011-0010

check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.

Published: Jan 18, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-0010
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.4
AV:L/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
todd_miller / sudo	1.7.2p4	1.7.2p4.x
todd_miller / sudo	1.7.0	1.7.0.x
todd_miller / sudo	1.7.4p2	1.7.4p2.x
todd_miller / sudo	1.7.1	1.7.1.x
todd_miller / sudo	1.7.2p2	1.7.2p2.x
todd_miller / sudo	1.7.2p7	1.7.2p7.x
todd_miller / sudo	1.7.2	1.7.2.x
todd_miller / sudo	1.7.4	1.7.4.x
todd_miller / sudo	1.7.4p3	1.7.4p3.x
todd_miller / sudo	1.7.3b1	1.7.3b1.x
todd_miller / sudo	1.7.2p1	1.7.2p1.x
todd_miller / sudo	1.7.2p3	1.7.2p3.x
todd_miller / sudo	1.7.4p4	1.7.4p4.x
todd_miller / sudo	1.7.2p5	1.7.2p5.x
todd_miller / sudo	1.7.4p1	1.7.4p1.x
todd_miller / sudo	1.7.2p6	1.7.2p6.x

Vulnerability Database

289,689

CVE-2011-0010