PT-2011-1177 · Todd Miller+1 · Sudo+1

Alexander Kurtz · Published 2011-01-18 · Updated 2024-06-15 · CVE-2011-0010

CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions sudo 1.7.0 through 1.7.4p4 inclusive (the 1.7.x branch before 1.7.4p5). The -g option and Runas group support were introduced in sudo 1.7.0, so 1.6.x releases do not contain the affected code path, and the 1.8 branch was released after the fix.
Description The issue affects the sudo package as shipped by Linux distributions, including Gentoo Linux and Red Hat, and can compromise the confidentiality, integrity, and availability of protected information. Exploitation is local only. In sudo 1.7.x before 1.7.4p5, when a Runas group is configured in sudoers (a `(user : group)` or `(: group)` Runas_Spec), the password check in check.c considers only whether the target uid differs from the invoking uid. A command run with the -g option alone keeps the invoking uid and changes only the gid, so no password was requested even though the sudoers entry did not carry the NOPASSWD tag. A local user covered by such an entry can therefore obtain the privileges of the listed group without authenticating. Entries without a Runas group do not permit -g and are not exposed.
Recommendations Update sudo to 1.7.4p5 or later. sudo has no setting that disables -g on its own: the option is accepted only when the matching sudoers entry names a Runas group. As a temporary workaround until the update is applied, remove the group part of Runas_Specs (for example, change `(root : wheel)` to `(root)`), and check the sudo log for `-g` invocations by the affected users in the meantime.
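The two preconditions above (an affected 1.7.x build and a sudoers Runas group spec) translate into a short triage script. The following is an added example, not code from this advisory, from Positive Technologies or from the sudo project; the function names, the integer version key, the verdict words and the sample sudoers text are all constructed for illustration.

```sh
#!/bin/sh
# Added triage helper for CVE-2011-0010 (example code, not from the advisory
# or from the sudo project). It answers the two questions a practitioner has:
#   1. Is the installed sudo in the affected range 1.7.0 .. 1.7.4p4?
#   2. Does sudoers contain Runas group specs, "(user : group)" or "(: group)",
#      without which the -g option (and therefore the bypass) cannot be used?

# Map a sudo version string such as "1.7.4p4" to a sortable integer:
# major*1000000 + minor*10000 + patch*100 + plevel  ("1.7.4p4" -> 1070404).
# Versions without a "pN" suffix get plevel 0; trailing packaging suffixes
# such as "-1" are ignored.
sudo_version_key() {
    norm=$(printf '%s' "$1" | sed 's/p/./; s/[^0-9.].*$//')
    IFS=. read -r major minor patch plevel <<EOF
$norm
EOF
    echo $(( ${major:-0} * 1000000 + ${minor:-0} * 10000 + ${patch:-0} * 100 + ${plevel:-0} ))
}

# Exit 0 if the version is affected: 1.7.0 (key 1070000) up to but not
# including 1.7.4p5 (key 1070405). 1.6.x and 1.8.x keys fall outside the range.
sudo_version_affected() {
    key=$(sudo_version_key "$1")
    [ "$key" -ge 1070000 ] && [ "$key" -lt 1070405 ]
}

# Print the non-comment sudoers lines whose Runas_Spec names a group.
# Reads sudoers text on stdin. "(root)" and "(ALL)" contain no colon and
# are not reported; "(root : wheel)", "(: staff)" and "(ALL : ALL)" are.
sudoers_runas_group_lines() {
    grep -Ev '^[[:space:]]*#' | grep -E '\([^)]*:[^)]*\)' || true
}

# Count those lines (prints 0 when there are none).
count_runas_group_specs() {
    sudoers_runas_group_lines | grep -c . || true
}

# One-word verdict for a version string (argument) and sudoers text (stdin):
#   EXPOSED      affected version and at least one Runas group spec
#   NOT_EXPOSED  otherwise
cve_2011_0010_verdict() {
    n=$(count_runas_group_specs)
    if sudo_version_affected "$1" && [ "$n" -gt 0 ]; then
        echo EXPOSED
    else
        echo NOT_EXPOSED
    fi
}

# Constructed sample sudoers text (not a real file). On an affected sudo the
# alice and bob entries let "sudo -g wheel ..." and "sudo -g staff ..." run
# without a password; the %admin entry also names a Runas group. The carol
# entry has no Runas group, so -g is refused there regardless of version.
SAMPLE_SUDOERS='# constructed sample, not a real sudoers file
Defaults env_reset
root    ALL=(ALL) ALL
%admin  ALL=(ALL : ALL) ALL
alice   ALL=(root : wheel) /usr/bin/vim
bob     ALL=(: staff) /bin/ls
carol   ALL=(root) NOPASSWD: /usr/bin/systemctl'

# Demo: the sample against an affected and a fixed version.
printf '%s\n' "$SAMPLE_SUDOERS" | cve_2011_0010_verdict 1.7.4p4   # EXPOSED
printf '%s\n' "$SAMPLE_SUDOERS" | cve_2011_0010_verdict 1.7.4p5   # NOT_EXPOSED

# On a real host: `sudo -V` prints "Sudo version X.Y.ZpN" on its first line
# without needing privileges; reading /etc/sudoers itself still requires root.
if command -v sudo >/dev/null 2>&1; then
    ver=$(sudo -V 2>/dev/null | sed -n '1s/^Sudo version //p')
    if sudo_version_affected "$ver"; then
        echo "installed sudo $ver is in the affected range; inspect /etc/sudoers and sudoers.d for Runas group specs"
    else
        echo "installed sudo ${ver:-unknown} is outside the affected range"
    fi
fi
```

The version key deliberately treats a missing `pN` suffix as patch level 0, which is how sudo orders its releases (1.7.4 precedes 1.7.4p1). The sudoers scan only looks at the text you feed it, so run it over `/etc/sudoers` and every file under `/etc/sudoers.d` as root; it does not resolve aliases, so a Runas group hidden behind a `Runas_Alias` must be checked by hand.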

Fix


Weakness Enumeration

Related Identifiers

BDU:2015-09434
CVE-2011-0010
OPENSUSE-SU-2024:10551-1
RHSA-2011:0599
RHSA-2012:0309

Affected Products

Red Hat
Sudo