FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

sudo -- local privilege escalation

Affected packages
1.7.0 <= sudo < 1.7.4.5

Details

VuXML ID 908f4cf2-1e8b-11e0-a587-001b77d09812
Discovery 2011-01-11
Entry 2011-01-13

Todd Miller reports:

Beginning with sudo version 1.7.0 it has been possible to grant permission to run a command using a specified group via sudo's -g option (run as group), if allowed by the sudoers file. A flaw exists in sudo's password checking logic that allows a user to run a command with only the group changed without being prompted for a password.

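One check a practitioner wants from an advisory like this is whether an installed sudo falls inside the affected range. The following is an added example, not part of the VuXML entry or of sudo itself: it parses a version string as printed by `sudo -V` (upstream style `1.7.4p5`, where `p` is the patch level; this mapping to the FreeBSD port version `1.7.4.5` is an assumption of the example) or as carried in a FreeBSD package name, and compares it against the range the entry states, 1.7.0 <= sudo < 1.7.4.5. The sample strings in the block are constructed.

```python
import re
import subprocess

# Affected range exactly as stated in the advisory: 1.7.0 <= sudo < 1.7.4.5
AFFECTED_MIN = (1, 7, 0)
AFFECTED_MAX_EXCLUSIVE = (1, 7, 4, 5)

# Matches "1.7.4p5" (upstream) as well as "1.7.4.5" (FreeBSD port version).
_VERSION_RE = re.compile(r"(\d+(?:[.p]\d+)*)")


def parse_sudo_version(text):
    """Extract the first sudo version found in `text` as an integer tuple.

    'Sudo version 1.7.4p5' and 'sudo-1.7.4.5' both yield (1, 7, 4, 5)
    (assumption: the upstream 'pN' patch level is the port's fourth component).
    Returns None when no version-like token is present.
    """
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(part) for part in re.split(r"[.p]", m.group(1)))


def is_affected(version):
    """Lexicographic tuple comparison; a shorter tuple such as (1, 7, 4)
    sorts below (1, 7, 4, 5), so 1.7.4 with no patch level is reported as affected."""
    return AFFECTED_MIN <= version < AFFECTED_MAX_EXCLUSIVE


def check_sudo_version_output(output):
    """Return True/False for affected/not affected, or None if no version was found."""
    version = parse_sudo_version(output)
    if version is None:
        return None
    return is_affected(version)


if __name__ == "__main__":
    # Constructed sample inputs, not output captured from a real system.
    samples = [
        "Sudo version 1.7.4p5",   # first fixed version
        "Sudo version 1.7.2p7",   # inside the affected range
        "sudo-1.6.9p23",          # predates the -g option
    ]
    for s in samples:
        print(f"{s!r}: affected={check_sudo_version_output(s)}")

    # Check the local binary when available; sudo -V prints its version on the first line.
    try:
        local = subprocess.run(["sudo", "-V"], capture_output=True, text=True, check=False).stdout
        print("local sudo affected:", check_sudo_version_output(local))
    except OSError:
        print("local sudo not available")
```

The comparison deliberately treats a bare `1.7.4` as affected, since only the `p5` patch level carries the fix; a version string with no patch level on a 1.7.4 install should be treated as vulnerable until confirmed otherwise.
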
References

CVE Name CVE-2011-0010
URL http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609641
URL http://www.sudo.ws/sudo/alerts/runas_group_pw.html