diff options
author | rea <rea@FreeBSD.org> | 2011-01-13 22:09:25 +0800 |
---|---|---|
committer | rea <rea@FreeBSD.org> | 2011-01-13 22:09:25 +0800 |
commit | be7153b40321d8800e1d2b749abf16946283e69b (patch) | |
tree | e07c61e3143b3567f54211b4c585c474cadca310 /security | |
parent | 1f792e048cc175112daae516f1e12aa25b81cd8f (diff) | |
download | freebsd-ports-gnome-be7153b40321d8800e1d2b749abf16946283e69b.tar.gz freebsd-ports-gnome-be7153b40321d8800e1d2b749abf16946283e69b.tar.zst freebsd-ports-gnome-be7153b40321d8800e1d2b749abf16946283e69b.zip |
security/sudo: document privilege escalation, CVE-2011-0010
PR: 153939
Approved by: delphij (secteam), erwin (mentor)
Feature safe: yes
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index e1ea8450bcbe..37ab20e9c1af 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,39 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="908f4cf2-1e8b-11e0-a587-001b77d09812"> + <topic>sudo -- local privilege escalation</topic> + <affects> + <package> + <name>sudo</name> + <range><ge>1.7.0</ge><lt>1.7.4.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Todd Miller reports:</p> + <blockquote cite="http://www.sudo.ws/sudo/alerts/runas_group_pw.html"> + <p>Beginning with sudo version 1.7.0 it has been possible + to grant permission to run a command using a specified + group via sudo's -g option (run as group), if allowed by + the sudoers file. A flaw exists in sudo's password + checking logic that allows a user to run a command + with only the group changed without being prompted + for a password.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2011-0010</cvename> + <url>http://www.sudo.ws/sudo/alerts/runas_group_pw.html</url> + <url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609641</url> + </references> + <dates> + <discovery>2011-01-11</discovery> + <entry>2011-01-13</entry> + </dates> + </vuln> + <vuln vid="71612099-1e93-11e0-a587-001b77d09812"> <topic>subversion -- multiple DoS</topic> <affects> |