Unrated severity · NVD Advisory · Published Jan 18, 2011 · Updated Apr 29, 2026
CVE-2011-0010
Description
check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.
Affected products
- cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.2p1:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.2p2:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.2p3:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.2p4:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.2p5:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.2p6:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.2p7:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.3b1:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.4p1:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.4p2:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.4p3:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.4p4:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- openwall.com/lists/oss-security/2011/01/11/3 (nvd, Patch)
- openwall.com/lists/oss-security/2011/01/12/1 (nvd, Patch)
- www.sudo.ws/repos/sudo/rev/07d1b0ce530e (nvd, Patch)
- www.sudo.ws/repos/sudo/rev/fe8a94f96542 (nvd, Patch)
- bugzilla.redhat.com/show_bug.cgi (nvd, Patch)
- secunia.com/advisories/42886 (nvd, Vendor Advisory)
- www.vupen.com/english/advisories/2011/0089 (nvd, Vendor Advisory)
- bugs.debian.org/cgi-bin/bugreport.cgi (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2011-January/053263.html (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2011-January/053341.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html (nvd)
- openwall.com/lists/oss-security/2011/01/12/3 (nvd)
- secunia.com/advisories/42949 (nvd)
- secunia.com/advisories/42968 (nvd)
- secunia.com/advisories/43068 (nvd)
- secunia.com/advisories/43282 (nvd)
- security.gentoo.org/glsa/glsa-201203-06.xml (nvd)
- slackware.com/security/viewer.php (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.osvdb.org/70400 (nvd)
- www.redhat.com/support/errata/RHSA-2011-0599.html (nvd)
- www.securityfocus.com/bid/45774 (nvd)
- www.sudo.ws/sudo/alerts/runas_group_pw.html (nvd)
- www.ubuntu.com/usn/USN-1046-1 (nvd)
- www.vupen.com/english/advisories/2011/0182 (nvd)
- www.vupen.com/english/advisories/2011/0195 (nvd)
- www.vupen.com/english/advisories/2011/0199 (nvd)
- www.vupen.com/english/advisories/2011/0212 (nvd)
- www.vupen.com/english/advisories/2011/0362 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/64636 (nvd)