CVE-2011-0010
Publication date 18 January 2011
Last updated 24 July 2024
Ubuntu priority
check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.
Status
Package | Ubuntu Release | Status |
---|---|---|
sudo | 10.10 maverick |
Fixed 1.7.2p7-1ubuntu2.1
|
10.04 LTS lucid |
Fixed 1.7.2p1-1ubuntu5.3
|
|
9.10 karmic |
Fixed 1.7.0-1ubuntu2.6
|
|
8.04 LTS hardy |
Not affected
|
|
6.06 LTS dapper |
Not affected
|
Notes
Patch details
Package | Patch details |
---|---|
sudo |
References
Related Ubuntu Security Notices (USN)
- USN-1046-1
- Sudo vulnerability
- 20 January 2011