CVE-2011-0008

A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command.  NOTE: this vulnerability exists because of a CVE-2009-0034 regression.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
VendorProductVersion
todd_millersudo
𝑥
≤ 1.7.4p5
todd_millersudo
1.3.1
todd_millersudo
1.5
todd_millersudo
1.5.2
todd_millersudo
1.5.3
todd_millersudo
1.5.6
todd_millersudo
1.5.7
todd_millersudo
1.5.8
todd_millersudo
1.5.9
todd_millersudo
1.6
todd_millersudo
1.6.1
todd_millersudo
1.6.2
todd_millersudo
1.6.2p1:p1
todd_millersudo
1.6.2p2:p2
todd_millersudo
1.6.2p3:p3
todd_millersudo
1.6.3
todd_millersudo
1.6.3_p1:_p1
todd_millersudo
1.6.3_p2:_p2
todd_millersudo
1.6.3_p3:_p3
todd_millersudo
1.6.3_p4:_p4
todd_millersudo
1.6.3_p5:_p5
todd_millersudo
1.6.3_p6:_p6
todd_millersudo
1.6.3_p7:_p7
todd_millersudo
1.6.3p1:p1
todd_millersudo
1.6.3p2:p2
todd_millersudo
1.6.3p3:p3
todd_millersudo
1.6.3p4:p4
todd_millersudo
1.6.3p5:p5
todd_millersudo
1.6.3p6:p6
todd_millersudo
1.6.3p7:p7
todd_millersudo
1.6.4
todd_millersudo
1.6.4_p1:_p1
todd_millersudo
1.6.4_p2:_p2
todd_millersudo
1.6.4p1:p1
todd_millersudo
1.6.4p2:p2
todd_millersudo
1.6.5
todd_millersudo
1.6.5_p1:_p1
todd_millersudo
1.6.5_p2:_p2
todd_millersudo
1.6.5p1:p1
todd_millersudo
1.6.5p2:p2
todd_millersudo
1.6.6
todd_millersudo
1.6.7
todd_millersudo
1.6.7_p5:_p5
todd_millersudo
1.6.7p1:p1
todd_millersudo
1.6.7p2:p2
todd_millersudo
1.6.7p3:p3
todd_millersudo
1.6.7p4:p4
todd_millersudo
1.6.7p5:p5
todd_millersudo
1.6.8
todd_millersudo
1.6.8_p1:_p1
todd_millersudo
1.6.8_p2:_p2
todd_millersudo
1.6.8_p5:_p5
todd_millersudo
1.6.8_p7:_p7
todd_millersudo
1.6.8_p8:_p8
todd_millersudo
1.6.8_p9:_p9
todd_millersudo
1.6.8_p12:_p12
todd_millersudo
1.6.8p1:p1
todd_millersudo
1.6.8p2:p2
todd_millersudo
1.6.8p3:p3
todd_millersudo
1.6.8p4:p4
todd_millersudo
1.6.8p5:p5
todd_millersudo
1.6.8p6:p6
todd_millersudo
1.6.8p7:p7
todd_millersudo
1.6.8p8:p8
todd_millersudo
1.6.8p9:p9
todd_millersudo
1.6.8p10:p10
todd_millersudo
1.6.8p11:p11
todd_millersudo
1.6.8p12:p12
todd_millersudo
1.6.9
todd_millersudo
1.6.9_p17:_p17
todd_millersudo
1.6.9_p18:_p18
todd_millersudo
1.6.9_p19:_p19
todd_millersudo
1.6.9_p20:_p20
todd_millersudo
1.6.9_p21:_p21
todd_millersudo
1.6.9_p22:_p22
todd_millersudo
1.6.9p1:p1
todd_millersudo
1.6.9p2:p2
todd_millersudo
1.6.9p3:p3
todd_millersudo
1.6.9p4:p4
todd_millersudo
1.6.9p5:p5
todd_millersudo
1.6.9p6:p6
todd_millersudo
1.6.9p7:p7
todd_millersudo
1.6.9p8:p8
todd_millersudo
1.6.9p9:p9
todd_millersudo
1.6.9p10:p10
todd_millersudo
1.6.9p11:p11
todd_millersudo
1.6.9p12:p12
todd_millersudo
1.6.9p13:p13
todd_millersudo
1.6.9p14:p14
todd_millersudo
1.6.9p15:p15
todd_millersudo
1.6.9p16:p16
todd_millersudo
1.6.9p17:p17
todd_millersudo
1.6.9p18:p18
todd_millersudo
1.6.9p19:p19
todd_millersudo
1.6.9p20:p20
todd_millersudo
1.6.9p21:p21
todd_millersudo
1.6.9p22:p22
todd_millersudo
1.6.9p23:p23
todd_millersudo
1.7.0
todd_millersudo
1.7.1
todd_millersudo
1.7.2
todd_millersudo
1.7.2p1:p1
todd_millersudo
1.7.2p2:p2
todd_millersudo
1.7.2p3:p3
todd_millersudo
1.7.2p4:p4
todd_millersudo
1.7.2p5:p5
todd_millersudo
1.7.2p6:p6
todd_millersudo
1.7.2p7:p7
todd_millersudo
1.7.3b1:b1
todd_millersudo
1.7.4
todd_millersudo
1.7.4p1:p1
todd_millersudo
1.7.4p2:p2
todd_millersudo
1.7.4p3:p3
todd_millersudo
1.7.4p4:p4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
sudo
bullseye (security)
1.9.5p2-3+deb11u1
fixed
bullseye
1.9.5p2-3+deb11u1
fixed
bookworm
1.9.13p3-1+deb12u1
fixed
sid
1.9.16-2
fixed
trixie
1.9.16-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
sudo
maverick
not-affected
lucid
not-affected
karmic
not-affected
hardy
not-affected
dapper
not-affected
References
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053263.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053341.html
http://secunia.com/advisories/42968
http://www.mandriva.com/security/advisories?name=MDVSA-2011:018
http://www.vupen.com/english/advisories/2011/0195
http://www.vupen.com/english/advisories/2011/0199
https://bugzilla.redhat.com/show_bug.cgi?id=668843
https://exchange.xforce.ibmcloud.com/vulnerabilities/64965
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053263.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053341.html
http://secunia.com/advisories/42968
http://www.mandriva.com/security/advisories?name=MDVSA-2011:018
http://www.vupen.com/english/advisories/2011/0195
http://www.vupen.com/english/advisories/2011/0199
https://bugzilla.redhat.com/show_bug.cgi?id=668843
https://exchange.xforce.ibmcloud.com/vulnerabilities/64965