Lucene search
Gentoo FoundationGLSA-201203-06HistoryMar 06, 2012 - 12:00 a.m.
sudo: Privilege escalation
2012-03-0600:00:00
Gentoo Foundation
security.gentoo.org
28
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS
0.001
Percentile
26.8%
Background
sudo allows a system administrator to give users the ability to run commands as other users.
Description
Two vulnerabilities have been discovered in sudo:
- When the sudoers file is configured with a Runas group, sudo does not prompt for a password when changing to the new group (CVE-2011-0010).
- A format string vulnerability exists in the “sudo_debug()” function (CVE-2012-0809).
Impact
A local attacker could possibly gain the ability to run arbitrary commands with the privileges of other users or groups, including root.
Workaround
There is no known workaround at this time.
Resolution
All sudo users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/sudo-1.8.3_p2"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | app-admin/sudo | < 1.8.3_p2 | UNKNOWN |
Related
openvas
openvas
Gentoo Security Advisory GLSA 201203-06 (sudo)
2012-03-12 00:00:00
Gentoo Security Advisory GLSA 201203-06 (sudo)
2012-03-12 00:00:00
Oracle: Security Advisory (ELSA-2012-0309)
2015-10-06 00:00:00
nessus
nessus
GLSA-201203-06 : sudo: Privilege escalation
2012-03-06 00:00:00
FreeBSD : sudo -- local privilege escalation (908f4cf2-1e8b-11e0-a587-001b77d09812)
2011-01-14 00:00:00
Scientific Linux Security Update : sudo on SL5.x i386/x86_64 (20120221)
2012-08-01 00:00:00
prion
prion
Authentication flaw
2011-01-18 18:03:00
Format string
2012-02-01 00:55:00
ubuntu
ubuntu
Sudo vulnerability
2011-01-20 00:00:00
oraclelinux
oraclelinux
sudo security and bug fix update
2011-05-28 00:00:00
sudo security and bug fix update
2012-03-01 00:00:00
freebsd
freebsd
sudo -- local privilege escalation
2011-01-11 00:00:00
sudo -- format string vulnerability
2012-01-30 00:00:00
slackware
slackware
[slackware-security] sudo
2011-02-11 01:18:11
cve
cve
CVE-2011-0010
2011-01-18 18:03:08
CVE-2012-0809
2012-02-01 00:55:02
redhat
redhat
(RHSA-2012:0309) Low: sudo security and bug fix update
2012-02-21 00:00:00
(RHSA-2011:0599) Low: sudo security and bug fix update
2011-05-19 00:00:00
(RHSA-2012:0168) Important: rhev-hypervisor5 security and bug fix update
2012-02-21 00:00:00
cvelist
cvelist
CVE-2011-0010
2011-01-18 17:00:00
CVE-2012-0809
2012-02-01 00:00:00
ubuntucve
ubuntucve
CVE-2011-0010
2011-01-18 00:00:00
CVE-2012-0809
2012-02-01 00:00:00
nvd
nvd
CVE-2011-0010
2011-01-18 18:03:08
CVE-2012-0809
2012-02-01 00:55:02
veracode
veracode
Privilege Escalation
2020-04-10 01:01:50
fedora
fedora
[SECURITY] Fedora 16 Update: sudo-1.8.3p1-2.fc16
2012-01-31 22:00:15
[SECURITY] Fedora 14 Update: sudo-1.7.4p5-1.fc14
2011-01-18 21:40:13
[SECURITY] Fedora 16 Update: sudo-1.8.3p1-3.fc16
2012-07-12 18:56:05
securityvulns
securityvulns
[USN-1046-1] Sudo vulnerability
2011-01-20 00:00:00
sudo privilege escalation
2011-01-20 00:00:00
debiancve
debiancve
CVE-2011-0010
2011-01-18 18:03:08
CVE-2012-0809
2012-02-01 00:55:02
exploitpack
exploitpack
seebug
seebug
sudo 1.8.0-1.8.3p1 (sudo_debug) - Root Exploit + glibc FORTIFY_SOURCE Bypass
2014-07-01 00:00:00
zdt
zdt
Sudo v1.8.0-1.8.3p1 (sudo_debug) - Root Exploit
2013-05-01 00:00:00
exploitdb
exploitdb
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS
0.001
Percentile
26.8%
Related for GLSA-201203-06