#VU45435 Permissions, Privileges, and Access Controls in Sudo - CVE-2011-0010

Cybersecurity Help s.r.o.

Published: 2011-01-18 | Updated: 2020-08-11

Vulnerability identifier: #VU45435

Vulnerability risk: Medium

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-0010

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Sudo
Client/Desktop applications / Software for system administration

Vendor: Sudo

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Sudo: 1.7.0 - 1.7.4p4

External links
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609641
https://lists.fedoraproject.org/pipermail/package-announce/2011-January/053263.html
https://lists.fedoraproject.org/pipermail/package-announce/2011-January/053341.html
https://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
https://openwall.com/lists/oss-security/2011/01/11/3
https://openwall.com/lists/oss-security/2011/01/12/1
https://openwall.com/lists/oss-security/2011/01/12/3
https://secunia.com/advisories/42886
https://secunia.com/advisories/42949
https://secunia.com/advisories/42968
https://secunia.com/advisories/43068
https://secunia.com/advisories/43282
https://security.gentoo.org/glsa/glsa-201203-06.xml
https://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.593654
https://www.mandriva.com/security/advisories?name=MDVSA-2011:018
https://www.osvdb.org/70400
https://www.redhat.com/support/errata/RHSA-2011-0599.html
https://www.securityfocus.com/bid/45774
https://www.sudo.ws/repos/sudo/rev/07d1b0ce530e
https://www.sudo.ws/repos/sudo/rev/fe8a94f96542
https://www.sudo.ws/sudo/alerts/runas_group_pw.html
https://www.ubuntu.com/usn/USN-1046-1
https://www.vupen.com/english/advisories/2011/0089
https://www.vupen.com/english/advisories/2011/0182
https://www.vupen.com/english/advisories/2011/0195
https://www.vupen.com/english/advisories/2011/0199
https://www.vupen.com/english/advisories/2011/0212
https://www.vupen.com/english/advisories/2011/0362
https://bugzilla.redhat.com/show_bug.cgi?id=668879
https://exchange.xforce.ibmcloud.com/vulnerabilities/64636

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Gentoo update for sudo

Slackware Linux update for sudo

Permissions, Privileges, and Access Controls in Sudo