VYPR
Unrated severityNVD Advisory· Published Jan 18, 2011· Updated Jun 16, 2026

CVE-2011-0010

CVE-2011-0010

Description

check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

18
  • Todd Miller/Sudo16 versions
    cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*+ 15 more
    • cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.2p1:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.2p2:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.2p3:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.2p4:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.2p5:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.2p6:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.2p7:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.3b1:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.4:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.4p1:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.4p2:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.4p3:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.4p4:*:*:*:*:*:*:*
  • Sudo Project/Sudollm-create
    Range: >=1.7.0 <1.7.4p5

Patches

Vulnerability mechanics

References

30

News mentions

0

No linked articles in our index yet.