Описание
check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | not-affected | |
| devel | released | 1.7.4p4-5ubuntu3 |
| hardy | not-affected | 1.6.9p10-1ubuntu3.8 |
| karmic | released | 1.7.0-1ubuntu2.6 |
| lucid | released | 1.7.2p1-1ubuntu5.3 |
| maverick | released | 1.7.2p7-1ubuntu2.1 |
| upstream | released | 1.7.4p5, 1.7.4p4-6 |
Показывать по
4.4 Medium
CVSS2
Связанные уязвимости
check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.
check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.
check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured ...
check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.
4.4 Medium
CVSS2