Sudo 1.7.0 up to and including 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
todd miller sudo 1.7.2p5 |
||
todd miller sudo 1.7.0 |
||
todd miller sudo 1.7.2p6 |
||
todd miller sudo 1.7.2 |
||
todd miller sudo 1.7.2p1 |
||
todd miller sudo 1.7.4p1 |
||
todd miller sudo 1.7.4 |
||
todd miller sudo 1.7.2p3 |
||
todd miller sudo 1.7.3b1 |
||
todd miller sudo 1.7.2p7 |
||
todd miller sudo 1.7.4p3 |
||
todd miller sudo 1.7.4p2 |
||
todd miller sudo 1.7.2p2 |
||
todd miller sudo 1.7.2p4 |
||
todd miller sudo 1.7.1 |