CVE-2011-0008 — MEDIUM (6.9)

Q: How severe is CVE-2011-0008?

CVE-2011-0008 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2011-0008?

Check the references section above for vendor advisories and patch information. Affected products include: Todd Miller Sudo, Redhat Fedora.

Vulnerability Description

A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression.

CVSS Score

6.9

MEDIUM

AV:L/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Todd Miller	Sudo	<= 1.7.4p5
Redhat	Fedora	14

References

FAQ

What is CVE-2011-0008?

CVE-2011-0008 is a vulnerability with a CVSS score of 6.9 (MEDIUM). A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who ...

How severe is CVE-2011-0008?

CVE-2011-0008 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-0008?

Check the references section above for vendor advisories and patch information. Affected products include: Todd Miller Sudo, Redhat Fedora.