CVE-2011-0010

sudo: does not ask for password on GID changes

Severity Score

9.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.

check.c para sudo v1.7.x anterior a v1.7.4p5, cuando un grupo Runas se configura no requiere una contraseña para la ejecución de comandos, lo que implica un cambio gid pero no un cambio de UID, lo que permite a usuarios locales eludir un requisito de autenticación a través de la opción -g del comando sudo.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

Attack Vector

Local

Attack Complexity

High

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-12-07 CVE Reserved
2011-01-18 CVE Published
2024-08-06 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-264: Permissions, Privileges, and Access Controls

CAPEC

References (31)

URL	Tag	Source
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609641	X_refsource_confirm
http://openwall.com/lists/oss-security/2011/01/12/3	Mailing List
http://secunia.com/advisories/42949	Third Party Advisory
http://secunia.com/advisories/42968	Third Party Advisory
http://secunia.com/advisories/43068	Third Party Advisory
http://secunia.com/advisories/43282	Third Party Advisory
http://www.osvdb.org/70400	Vdb Entry
http://www.securityfocus.com/bid/45774	Vdb Entry
http://www.sudo.ws/sudo/alerts/runas_group_pw.html	X_refsource_confirm
http://www.vupen.com/english/advisories/2011/0182	Vdb Entry
http://www.vupen.com/english/advisories/2011/0195	Vdb Entry
http://www.vupen.com/english/advisories/2011/0199	Vdb Entry
http://www.vupen.com/english/advisories/2011/0212	Vdb Entry
http://www.vupen.com/english/advisories/2011/0362	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/64636	Vdb Entry

URL	Date	SRC

URL	Date	SRC
http://openwall.com/lists/oss-security/2011/01/11/3	2018-01-05
http://openwall.com/lists/oss-security/2011/01/12/1	2018-01-05
http://www.sudo.ws/repos/sudo/rev/07d1b0ce530e	2018-01-05
http://www.sudo.ws/repos/sudo/rev/fe8a94f96542	2018-01-05
https://bugzilla.redhat.com/show_bug.cgi?id=668879	2012-02-21

URL	Date	SRC
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053263.html	2018-01-05
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053341.html	2018-01-05
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html	2018-01-05
http://secunia.com/advisories/42886	2018-01-05
http://security.gentoo.org/glsa/glsa-201203-06.xml	2018-01-05
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.593654	2018-01-05
http://www.mandriva.com/security/advisories?name=MDVSA-2011:018	2018-01-05
http://www.redhat.com/support/errata/RHSA-2011-0599.html	2018-01-05
http://www.ubuntu.com/usn/USN-1046-1	2018-01-05
http://www.vupen.com/english/advisories/2011/0089	2018-01-05
https://access.redhat.com/security/cve/CVE-2011-0010	2012-02-21

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Todd Miller Search vendor "Todd Miller"		Sudo Search vendor "Todd Miller" for product "Sudo"				1.7.0 Search vendor "Todd Miller" for product "Sudo" and version "1.7.0"		-		Affected
Todd Miller Search vendor "Todd Miller"		Sudo Search vendor "Todd Miller" for product "Sudo"				1.7.1 Search vendor "Todd Miller" for product "Sudo" and version "1.7.1"		-		Affected
Todd Miller Search vendor "Todd Miller"		Sudo Search vendor "Todd Miller" for product "Sudo"				1.7.2 Search vendor "Todd Miller" for product "Sudo" and version "1.7.2"		-		Affected
Todd Miller Search vendor "Todd Miller"		Sudo Search vendor "Todd Miller" for product "Sudo"				1.7.2p1 Search vendor "Todd Miller" for product "Sudo" and version "1.7.2p1"		-		Affected
Todd Miller Search vendor "Todd Miller"		Sudo Search vendor "Todd Miller" for product "Sudo"				1.7.2p2 Search vendor "Todd Miller" for product "Sudo" and version "1.7.2p2"		-		Affected
Todd Miller Search vendor "Todd Miller"		Sudo Search vendor "Todd Miller" for product "Sudo"				1.7.2p3 Search vendor "Todd Miller" for product "Sudo" and version "1.7.2p3"		-		Affected
Todd Miller Search vendor "Todd Miller"		Sudo Search vendor "Todd Miller" for product "Sudo"				1.7.2p4 Search vendor "Todd Miller" for product "Sudo" and version "1.7.2p4"		-		Affected
Todd Miller Search vendor "Todd Miller"		Sudo Search vendor "Todd Miller" for product "Sudo"				1.7.2p5 Search vendor "Todd Miller" for product "Sudo" and version "1.7.2p5"		-		Affected
Todd Miller Search vendor "Todd Miller"		Sudo Search vendor "Todd Miller" for product "Sudo"				1.7.2p6 Search vendor "Todd Miller" for product "Sudo" and version "1.7.2p6"		-		Affected
Todd Miller Search vendor "Todd Miller"		Sudo Search vendor "Todd Miller" for product "Sudo"				1.7.2p7 Search vendor "Todd Miller" for product "Sudo" and version "1.7.2p7"		-		Affected
Todd Miller Search vendor "Todd Miller"		Sudo Search vendor "Todd Miller" for product "Sudo"				1.7.3b1 Search vendor "Todd Miller" for product "Sudo" and version "1.7.3b1"		-		Affected
Todd Miller Search vendor "Todd Miller"		Sudo Search vendor "Todd Miller" for product "Sudo"				1.7.4 Search vendor "Todd Miller" for product "Sudo" and version "1.7.4"		-		Affected
Todd Miller Search vendor "Todd Miller"		Sudo Search vendor "Todd Miller" for product "Sudo"				1.7.4p1 Search vendor "Todd Miller" for product "Sudo" and version "1.7.4p1"		-		Affected
Todd Miller Search vendor "Todd Miller"		Sudo Search vendor "Todd Miller" for product "Sudo"				1.7.4p2 Search vendor "Todd Miller" for product "Sudo" and version "1.7.4p2"		-		Affected
Todd Miller Search vendor "Todd Miller"		Sudo Search vendor "Todd Miller" for product "Sudo"				1.7.4p3 Search vendor "Todd Miller" for product "Sudo" and version "1.7.4p3"		-		Affected
Todd Miller Search vendor "Todd Miller"		Sudo Search vendor "Todd Miller" for product "Sudo"				1.7.4p4 Search vendor "Todd Miller" for product "Sudo" and version "1.7.4p4"		-		Affected