Information Security


Privilege escalation in sudo
Published: January 20, 2011
Source:
SecurityVulns ID: 11367
Type: local
Severity level: 5/10
Description: Under certain conditions, code can be executed with group privileges.
Affected products: SUDO : sudo 1.7
CVE: CVE-2011-0010 (check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.)
 CVE-2011-0008 (A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression.)
 CVE-2009-0034 (parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command.)
Original text: UBUNTU, [USN-1046-1] Sudo vulnerability (20.01.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod