CVE-2011-0008

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2011-0008
A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression.

6.9 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053263.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053341.html
http://secunia.com/advisories/42968 Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:018
http://www.vupen.com/english/advisories/2011/0195
http://www.vupen.com/english/advisories/2011/0199
https://bugzilla.redhat.com/show_bug.cgi?id=668843 Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/64965
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053263.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053341.html
http://secunia.com/advisories/42968 Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:018
http://www.vupen.com/english/advisories/2011/0195
http://www.vupen.com/english/advisories/2011/0199
https://bugzilla.redhat.com/show_bug.cgi?id=668843 Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/64965
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:todd_miller:sudo:*:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.5:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.5.6:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.5.7:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.5.8:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.5.9:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.2p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.2p2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.2p3:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p3:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p4:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p5:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p6:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3p2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3p3:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3p4:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3p5:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3p6:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3p7:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.4:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.4_p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.4_p2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.4p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.4p2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.5_p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.5_p2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.5p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.5p2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.7_p5:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.7p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.7p2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.7p3:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.7p4:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.7p5:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p5:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p7:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p8:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p9:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p12:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8p2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8p3:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8p4:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8p5:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8p6:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8p7:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8p8:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8p9:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8p10:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8p11:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8p12:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9_p17:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9_p18:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9_p19:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9_p20:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9_p21:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9_p22:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9p2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9p3:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9p4:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9p5:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9p6:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9p7:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9p8:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9p9:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9p10:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9p11:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9p12:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9p13:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9p14:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9p15:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9p16:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9p17:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9p18:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9p19:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9p20:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9p21:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9p22:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9p23:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.2p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.2p2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.2p3:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.2p4:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.2p5:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.2p6:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.2p7:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.3b1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.4:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.4p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.4p2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.4p3:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.4p4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:fedora:14:*:*:*:*:*:*:*
History

21 Nov 2024, 01:23

Type Values Removed Values Added
References () http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053263.html - () http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053263.html -
References () http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053341.html - () http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053341.html -
References () http://secunia.com/advisories/42968 - Vendor Advisory () http://secunia.com/advisories/42968 - Vendor Advisory
References () http://www.mandriva.com/security/advisories?name=MDVSA-2011:018 - () http://www.mandriva.com/security/advisories?name=MDVSA-2011:018 -
References () http://www.vupen.com/english/advisories/2011/0195 - () http://www.vupen.com/english/advisories/2011/0195 -
References () http://www.vupen.com/english/advisories/2011/0199 - () http://www.vupen.com/english/advisories/2011/0199 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=668843 - Patch () https://bugzilla.redhat.com/show_bug.cgi?id=668843 - Patch
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/64965 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/64965 -
Information

Published : 2011-01-20 19:00

Updated : 2024-11-21 01:23

NVD link : CVE-2011-0008

Mitre link : CVE-2011-0008

CVE.ORG link : CVE-2011-0008

JSON object : View

Products Affected

todd_miller

  • sudo

redhat

  • fedora
CWE
NVD-CWE-Other