CVSS2
Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

AV:L/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence: High
EPSS
Percentile: 40.7%
A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression.
Vendor | Product | Version | CPE |
---|---|---|---|
todd_miller | sudo | 1.6.9+p20 | cpe:/a:todd_miller:sudo:1.6.9+p20::: |
todd_miller | sudo | 1.6.4 | cpe:/a:todd_miller:sudo:1.6.4::: |
todd_miller | sudo | 1.6.3+p2 | cpe:/a:todd_miller:sudo:1.6.3+p2::: |
todd_miller | sudo | 1.6.3p4 | cpe:/a:todd_miller:sudo:1.6.3p4::: |
todd_miller | sudo | 1.6.5+p1 | cpe:/a:todd_miller:sudo:1.6.5+p1::: |
todd_miller | sudo | 1.6.9p23 | cpe:/a:todd_miller:sudo:1.6.9p23::: |
todd_miller | sudo | 1.6.8+p7 | cpe:/a:todd_miller:sudo:1.6.8+p7::: |
todd_miller | sudo | 1.6.9p8 | cpe:/a:todd_miller:sudo:1.6.9p8::: |
todd_miller | sudo | 1.5.7 | cpe:/a:todd_miller:sudo:1.5.7::: |
todd_miller | sudo | 1.3.1 | cpe:/a:todd_miller:sudo:1.3.1::: |
lists.fedoraproject.org/pipermail/package-announce/2011-January/053263.html
lists.fedoraproject.org/pipermail/package-announce/2011-January/053341.html
secunia.com/advisories/42968
www.mandriva.com/security/advisories?name=MDVSA-2011:018
www.vupen.com/english/advisories/2011/0195
www.vupen.com/english/advisories/2011/0199
bugzilla.redhat.com/show_bug.cgi?id=668843
exchange.xforce.ibmcloud.com/vulnerabilities/64965