Vulnerability details: VCID-kd6v-ae31-aaak
Vulnerability ID VCID-kd6v-ae31-aaak
Aliases CVE-2011-0010
Summary check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.
Status Published
Exploitability 0.5
Weighted Severity 4.0
Risk 2.0
System Score Found at
rhas Low https://access.redhat.com/errata/RHSA-2011:0599
rhas Low https://access.redhat.com/errata/RHSA-2012:0309
epss 0.00047 https://api.first.org/data/v1/epss?cve=CVE-2011-0010
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2011-0010
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2011-0010
epss 0.00124 https://api.first.org/data/v1/epss?cve=CVE-2011-0010
cvssv2 4.4 https://nvd.nist.gov/vuln/detail/CVE-2011-0010
Reference id Reference type URL
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609641
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053263.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053341.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://openwall.com/lists/oss-security/2011/01/11/3
http://openwall.com/lists/oss-security/2011/01/12/1
http://openwall.com/lists/oss-security/2011/01/12/3
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0010.json
https://api.first.org/data/v1/epss?cve=CVE-2011-0010
https://bugzilla.redhat.com/show_bug.cgi?id=668879
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0010
http://secunia.com/advisories/42886
http://secunia.com/advisories/42949
http://secunia.com/advisories/42968
http://secunia.com/advisories/43068
http://secunia.com/advisories/43282
http://security.gentoo.org/glsa/glsa-201203-06.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/64636
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.593654
http://www.mandriva.com/security/advisories?name=MDVSA-2011:018
http://www.osvdb.org/70400
http://www.redhat.com/support/errata/RHSA-2011-0599.html
http://www.securityfocus.com/bid/45774
http://www.sudo.ws/repos/sudo/rev/07d1b0ce530e
http://www.sudo.ws/repos/sudo/rev/fe8a94f96542
http://www.sudo.ws/sudo/alerts/runas_group_pw.html
http://www.ubuntu.com/usn/USN-1046-1
http://www.vupen.com/english/advisories/2011/0089
http://www.vupen.com/english/advisories/2011/0182
http://www.vupen.com/english/advisories/2011/0195
http://www.vupen.com/english/advisories/2011/0199
http://www.vupen.com/english/advisories/2011/0212
http://www.vupen.com/english/advisories/2011/0362
609641 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609641
cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.2p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.2p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.2p2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.2p2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.2p3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.2p3:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.2p4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.2p4:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.2p5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.2p5:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.2p6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.2p6:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.2p7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.2p7:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.3b1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.3b1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.4:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.4p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.4p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.4p2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.4p2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.4p3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.4p3:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.4p4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.4p4:*:*:*:*:*:*:*
CVE-2011-0010 https://nvd.nist.gov/vuln/detail/CVE-2011-0010
GLSA-201203-06 https://security.gentoo.org/glsa/201203-06
RHSA-2011:0599 https://access.redhat.com/errata/RHSA-2011:0599
RHSA-2012:0309 https://access.redhat.com/errata/RHSA-2012:0309
USN-1046-1 https://usn.ubuntu.com/1046-1/
No exploits are available.
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2011-0010
Access Vector (AV) local
Access Complexity (AC) medium
Authentication (Au) none
Confidentiality Impact (C) partial
Integrity Impact (I) partial
Availability Impact (A) partial
Exploit Prediction Scoring System (EPSS)
Percentile 0.18216
EPSS Score 0.00047
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.