Privilege Escalation via Sudoers File Interpretation Vulnerability

Privilege Escalation via Sudoers File Interpretation Vulnerability

CVE-2011-0008 · MEDIUM Severity

AV:L/AC:M/AU:N/C:C/I:C/A:C

A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression.

Learn more about our Cis Benchmark Audit For Fedora Family Linux.