You are here

CVE-2011-0008

Vincent (CVE) Danen's picture
A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression.

Details Source

Mitre

Statement

Not vulnerable. This issue did not affect the versions of sudo as shipped with Red Hat Enterprise Linux 4, 5, or 6.

Public Date

2011-01-14 00:00:00

Impact

Moderate

Bugzilla

CVE-2011-0008 sudo in Fedora vulnerable to CVE-2009-0034 again due to improper patch rediff

Bugzilla ID

668 843

CVSS Status

draft

Base Score

6.60

Base Metrics

AV:L/AC:M/Au:S/C:C/I:C/A:C