Lucene search
HistoryJan 20, 2011 - 7:00 p.m.
CVE-2011-0008
CVSS2
6.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
AI Score
7.4
Confidence
High
EPSS
0.001
Percentile
40.7%
A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression.
Affected configurations
Node
todd_millersudoRangeβ€1.7.4p5
ORtodd_millersudoMatch1.3.1
ORtodd_millersudoMatch1.5
ORtodd_millersudoMatch1.5.2
ORtodd_millersudoMatch1.5.3
ORtodd_millersudoMatch1.5.6
ORtodd_millersudoMatch1.5.7
ORtodd_millersudoMatch1.5.8
ORtodd_millersudoMatch1.5.9
ORtodd_millersudoMatch1.6
ORtodd_millersudoMatch1.6.1
ORtodd_millersudoMatch1.6.2
ORtodd_millersudoMatch1.6.2p1
ORtodd_millersudoMatch1.6.2p2
ORtodd_millersudoMatch1.6.2p3
ORtodd_millersudoMatch1.6.3
ORtodd_millersudoMatch1.6.3_p1
ORtodd_millersudoMatch1.6.3_p2
ORtodd_millersudoMatch1.6.3_p3
ORtodd_millersudoMatch1.6.3_p4
ORtodd_millersudoMatch1.6.3_p5
ORtodd_millersudoMatch1.6.3_p6
ORtodd_millersudoMatch1.6.3_p7
ORtodd_millersudoMatch1.6.3p1
ORtodd_millersudoMatch1.6.3p2
ORtodd_millersudoMatch1.6.3p3
ORtodd_millersudoMatch1.6.3p4
ORtodd_millersudoMatch1.6.3p5
ORtodd_millersudoMatch1.6.3p6
ORtodd_millersudoMatch1.6.3p7
ORtodd_millersudoMatch1.6.4
ORtodd_millersudoMatch1.6.4_p1
ORtodd_millersudoMatch1.6.4_p2
ORtodd_millersudoMatch1.6.4p1
ORtodd_millersudoMatch1.6.4p2
ORtodd_millersudoMatch1.6.5
ORtodd_millersudoMatch1.6.5_p1
ORtodd_millersudoMatch1.6.5_p2
ORtodd_millersudoMatch1.6.5p1
ORtodd_millersudoMatch1.6.5p2
ORtodd_millersudoMatch1.6.6
ORtodd_millersudoMatch1.6.7
ORtodd_millersudoMatch1.6.7_p5
ORtodd_millersudoMatch1.6.7p1
ORtodd_millersudoMatch1.6.7p2
ORtodd_millersudoMatch1.6.7p3
ORtodd_millersudoMatch1.6.7p4
ORtodd_millersudoMatch1.6.7p5
ORtodd_millersudoMatch1.6.8
ORtodd_millersudoMatch1.6.8_p1
ORtodd_millersudoMatch1.6.8_p2
ORtodd_millersudoMatch1.6.8_p5
ORtodd_millersudoMatch1.6.8_p7
ORtodd_millersudoMatch1.6.8_p8
ORtodd_millersudoMatch1.6.8_p9
ORtodd_millersudoMatch1.6.8_p12
ORtodd_millersudoMatch1.6.8p1
ORtodd_millersudoMatch1.6.8p2
ORtodd_millersudoMatch1.6.8p3
ORtodd_millersudoMatch1.6.8p4
ORtodd_millersudoMatch1.6.8p5
ORtodd_millersudoMatch1.6.8p6
ORtodd_millersudoMatch1.6.8p7
ORtodd_millersudoMatch1.6.8p8
ORtodd_millersudoMatch1.6.8p9
ORtodd_millersudoMatch1.6.8p10
ORtodd_millersudoMatch1.6.8p11
ORtodd_millersudoMatch1.6.8p12
ORtodd_millersudoMatch1.6.9
ORtodd_millersudoMatch1.6.9_p17
ORtodd_millersudoMatch1.6.9_p18
ORtodd_millersudoMatch1.6.9_p19
ORtodd_millersudoMatch1.6.9_p20
ORtodd_millersudoMatch1.6.9_p21
ORtodd_millersudoMatch1.6.9_p22
ORtodd_millersudoMatch1.6.9p1
ORtodd_millersudoMatch1.6.9p2
ORtodd_millersudoMatch1.6.9p3
ORtodd_millersudoMatch1.6.9p4
ORtodd_millersudoMatch1.6.9p5
ORtodd_millersudoMatch1.6.9p6
ORtodd_millersudoMatch1.6.9p7
ORtodd_millersudoMatch1.6.9p8
ORtodd_millersudoMatch1.6.9p9
ORtodd_millersudoMatch1.6.9p10
ORtodd_millersudoMatch1.6.9p11
ORtodd_millersudoMatch1.6.9p12
ORtodd_millersudoMatch1.6.9p13
ORtodd_millersudoMatch1.6.9p14
ORtodd_millersudoMatch1.6.9p15
ORtodd_millersudoMatch1.6.9p16
ORtodd_millersudoMatch1.6.9p17
ORtodd_millersudoMatch1.6.9p18
ORtodd_millersudoMatch1.6.9p19
ORtodd_millersudoMatch1.6.9p20
ORtodd_millersudoMatch1.6.9p21
ORtodd_millersudoMatch1.6.9p22
ORtodd_millersudoMatch1.6.9p23
ORtodd_millersudoMatch1.7.0
ORtodd_millersudoMatch1.7.1
ORtodd_millersudoMatch1.7.2
ORtodd_millersudoMatch1.7.2p1
ORtodd_millersudoMatch1.7.2p2
ORtodd_millersudoMatch1.7.2p3
ORtodd_millersudoMatch1.7.2p4
ORtodd_millersudoMatch1.7.2p5
ORtodd_millersudoMatch1.7.2p6
ORtodd_millersudoMatch1.7.2p7
ORtodd_millersudoMatch1.7.3b1
ORtodd_millersudoMatch1.7.4
ORtodd_millersudoMatch1.7.4p1
ORtodd_millersudoMatch1.7.4p2
ORtodd_millersudoMatch1.7.4p3
ORtodd_millersudoMatch1.7.4p4
redhatfedoraMatch14
References
lists.fedoraproject.org/pipermail/package-announce/2011-January/053263.html
lists.fedoraproject.org/pipermail/package-announce/2011-January/053341.html
secunia.com/advisories/42968
www.mandriva.com/security/advisories?name=MDVSA-2011:018
www.vupen.com/english/advisories/2011/0195
www.vupen.com/english/advisories/2011/0199
bugzilla.redhat.com/show_bug.cgi?id=668843
exchange.xforce.ibmcloud.com/vulnerabilities/64965
Related
cvelist
cvelist
CVE-2011-0008
2011-01-20 18:00:00
CVE-2009-0034
2009-01-30 19:00:00
nessus
nessus
RHEL 5 : sudo (RHSA-2009:0267)
2009-02-06 00:00:00
Ubuntu 8.04 LTS / 8.10 : sudo vulnerability (USN-722-1)
2009-04-23 00:00:00
Oracle Linux 5 : sudo (ELSA-2009-0267)
2013-07-12 00:00:00
cve
cve
CVE-2011-0008
2011-01-20 19:00:07
CVE-2009-0034
2009-01-30 19:30:00
prion
prion
Authorization
2011-01-20 19:00:00
Authorization
2009-01-30 19:30:00
debiancve
debiancve
CVE-2011-0008
2011-01-20 19:00:07
CVE-2009-0034
2009-01-30 19:30:00
ubuntucve
ubuntucve
CVE-2011-0008
2011-01-20 00:00:00
CVE-2009-0034
2009-01-30 00:00:00
openvas
openvas
Fedora Update for sudo FEDORA-2011-0470
2011-01-21 00:00:00
Fedora Update for sudo FEDORA-2011-0470
2011-01-21 00:00:00
Mandriva Update for sudo MDVSA-2011:018 (sudo)
2011-01-24 00:00:00
securityvulns
securityvulns
sudo privilege escalation
2011-01-20 00:00:00
sudo privilege escalation
2009-02-01 00:00:00
rPSA-2009-0021-1 sudo
2009-02-01 00:00:00
freebsd
freebsd
sudo -- certain authorized users could run commands as any user
2009-02-04 00:00:00
gentoo
gentoo
sudo: Privilege escalation
2009-02-06 00:00:00
nvd
nvd
CVE-2009-0034
2009-01-30 19:30:00
redhat
redhat
(RHSA-2009:0267) Moderate: sudo security update
2009-02-05 00:00:00
seebug
seebug
Todd Miller Sudo Runas_Aliasη»ζ¬ε°ζιζεζΌζ΄
2009-02-19 00:00:00
ubuntu
ubuntu
sudo vulnerability
2009-02-17 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: sudo-1.6.9p17-5.fc10
2009-02-05 02:08:39
[SECURITY] Fedora 14 Update: sudo-1.7.4p5-1.fc14
2011-01-18 21:40:13
[SECURITY] Fedora 13 Update: sudo-1.7.4p5-1.fc13
2011-01-21 23:00:08
oraclelinux
oraclelinux
sudo security update
2009-02-05 00:00:00
veracode
veracode
Privilege Escalation
2020-04-10 00:31:17
vmware
vmware
ESX Service Console updates for udev, sudo, and curl
2009-07-10 00:00:00
CVSS2
6.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
AI Score
7.4
Confidence
High
EPSS
0.001
Percentile
40.7%
Related for NVD:CVE-2011-0008