FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

sudo -- local privilege escalation

Affected packages
1.7.0 <= sudo <


VuXML ID 908f4cf2-1e8b-11e0-a587-001b77d09812
Discovery 2011-01-11
Entry 2011-01-13

Todd Miller reports:

Beginning with sudo version 1.7.0 it has been possible to grant permission to run a command using a specified group via sudo's -g option (run as group), if allowed by the sudoers file. A flaw exists in sudo's password checking logic that allows a user to run a command with only the group changed without being prompted for a password.


CVE Name CVE-2011-0010
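
The `-g` option only applies where the sudoers file allows it, so a first exposure check is to list the rules that grant run-as-group rights. The following is an added example, not part of the advisory or of sudo's own code. It assumes the standard sudoers `(user : group)` Runas_Spec syntax, uses a constructed sample policy and hypothetical function names, and does not follow `#include` directives.

```python
import re

# Constructed sample sudoers content (not taken from the advisory).
SAMPLE_SUDOERS = r"""
# constructed example policy
Defaults env_reset
User_Alias OPS = alice, bob
root    ALL = (ALL : ALL) ALL
OPS     ALL = (root) /usr/sbin/service
carol   web1 = (: www, staff) /usr/bin/touch, \
               (backup) NOPASSWD: /usr/local/bin/dump
%wheel  ALL = (ALL) ALL   # no group part
dave    ALL = (dave : operator) /sbin/shutdown
"""

SKIP = re.compile(r"^(Defaults|(User|Runas|Host|Cmnd)_Alias)\b")
RUNAS = re.compile(r"\(([^)]*)\)")  # a parenthesised Runas_Spec

def logical_lines(text):
    """Join backslash continuations, then drop comments and blank lines."""
    joined = re.sub(r"\\\n", " ", text)
    for raw in joined.splitlines():
        # '#' followed by a digit is a uid reference, not a comment.
        line = re.sub(r"#(?!\d).*", "", raw).strip()
        if line:
            yield line

def runas_group_rules(text):
    """Return (who, groups, rule) for each rule whose Runas_Spec names a group."""
    hits = []
    for line in logical_lines(text):
        if SKIP.match(line) or "=" not in line:
            continue
        who, spec = line.split(None, 1)[0], line.split("=", 1)[1]
        for runas in RUNAS.findall(spec):
            if ":" not in runas:
                continue  # (user) only: this spec grants no run-as-group right
            groups = [g.strip() for g in runas.split(":", 1)[1].split(",") if g.strip()]
            if groups:
                hits.append((who, groups, line))
    return hits

if __name__ == "__main__":
    for who, groups, rule in runas_group_rules(SAMPLE_SUDOERS):
        print(f"{who}: may run as group(s) {', '.join(groups)} -> {rule}")
```

Rules reported here are the ones to review on hosts running a sudo version in the affected range; `sudo -l` shows the same grants as resolved for a given user.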