CVE-2011-0008

by Fred · 20/01/2011

A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression.

Date published : 2011-01-20

https://bugzilla.redhat.com/show_bug.cgi?id=668843

http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053341.html

CVE-2011-0008

Similar

Recent Posts

Categories

CVE-2011-0008

Share this:

Similar

Recent Posts

Categories

Tags