Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-1046-1
HistoryJan 20, 2011 - 12:00 a.m.

Sudo vulnerability

2011-01-2000:00:00
ubuntu.com
39

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

17.2%

JSON

Releases

  • Ubuntu 10.10
  • Ubuntu 10.04
  • Ubuntu 9.10

Packages

  • sudo - Provide limited super user privileges to specific users

Details

Alexander Kurtz discovered that sudo would not prompt for a password when
a group was specified in the Runas_Spec. A local attacker could exploit
this to execute arbitrary code as the specified group if sudo was
configured to allow the attacker to use a program as this group. The group
Runas_Spec is not used in the default installation of Ubuntu.

OSVersionArchitecturePackageVersionFilename
Ubuntu9.10noarchsudo-ldap< 1.7.0-1ubuntu2.6UNKNOWN
Ubuntu9.10noarchsudo< 1.7.0-1ubuntu2.6UNKNOWN
Ubuntu10.10noarchsudo-ldap< 1.7.2p7-1ubuntu2.1UNKNOWN
Ubuntu10.10noarchsudo< 1.7.2p7-1ubuntu2.1UNKNOWN
Ubuntu10.04noarchsudo-ldap< 1.7.2p1-1ubuntu5.3UNKNOWN
Ubuntu10.04noarchsudo< 1.7.2p1-1ubuntu5.3UNKNOWN

Related

nessus 19
prion 1
openvas 20
oraclelinux 2
freebsd 1
slackware 1
cve 1
redhat 3
cvelist 1
ubuntucve 1
nvd 1
veracode 1
securityvulns 2
debiancve 1
fedora 2
gentoo 1
nessus
nessus
FreeBSD : sudo -- local privilege escalation (908f4cf2-1e8b-11e0-a587-001b77d09812)
2011-01-14 00:00:00
Scientific Linux Security Update : sudo on SL5.x i386/x86_64 (20120221)
2012-08-01 00:00:00
Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 8.1 / 9.0 / 9.1 / current : sudo (SSA:2011-041-05)
2011-02-11 00:00:00
prion
prion
Authentication flaw
2011-01-18 18:03:00
openvas
openvas
Oracle: Security Advisory (ELSA-2012-0309)
2015-10-06 00:00:00
FreeBSD Ports: sudo
2011-01-24 00:00:00
RedHat Update for sudo RHSA-2011:0599-01
2012-06-06 00:00:00
oraclelinux
oraclelinux
sudo security and bug fix update
2011-05-28 00:00:00
sudo security and bug fix update
2012-03-01 00:00:00
freebsd
freebsd
sudo -- local privilege escalation
2011-01-11 00:00:00
slackware
slackware
[slackware-security] sudo
2011-02-11 01:18:11
cve
cve
CVE-2011-0010
2011-01-18 18:03:08
redhat
redhat
(RHSA-2012:0309) Low: sudo security and bug fix update
2012-02-21 00:00:00
(RHSA-2011:0599) Low: sudo security and bug fix update
2011-05-19 00:00:00
(RHSA-2012:0168) Important: rhev-hypervisor5 security and bug fix update
2012-02-21 00:00:00
cvelist
cvelist
CVE-2011-0010
2011-01-18 17:00:00
ubuntucve
ubuntucve
CVE-2011-0010
2011-01-18 00:00:00
nvd
nvd
CVE-2011-0010
2011-01-18 18:03:08
veracode
veracode
Privilege Escalation
2020-04-10 01:01:50
securityvulns
securityvulns
[USN-1046-1] Sudo vulnerability
2011-01-20 00:00:00
sudo privilege escalation
2011-01-20 00:00:00
debiancve
debiancve
CVE-2011-0010
2011-01-18 18:03:08
fedora
fedora
[SECURITY] Fedora 14 Update: sudo-1.7.4p5-1.fc14
2011-01-18 21:40:13
[SECURITY] Fedora 13 Update: sudo-1.7.4p5-1.fc13
2011-01-21 23:00:08
gentoo
gentoo
sudo: Privilege escalation
2012-03-06 00:00:00

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

17.2%

JSON
Related for USN-1046-1
nessus19prion1openvas20oraclelinux2freebsd1slackware1cve1redhat3cvelist1ubuntucve1nvd1veracode1securityvulns2debiancve1fedora2gentoo1