CVE-2010-0427

Published: 25/02/2010 Updated: 10/10/2018
CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4
VMScore: 392
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

sudo 1.6.x prior to 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.

Vulnerable Product

todd miller sudo 1.6.3_p2

todd miller sudo 1.6.3_p3

todd miller sudo 1.6.3_p7

todd miller sudo 1.6.4_p1

todd miller sudo 1.6.7_p5

todd miller sudo 1.6.8

todd miller sudo 1.6.9_p17

todd miller sudo 1.6.9_p19

todd miller sudo 1.6.3_p1

todd miller sudo 1.6.3_p4

todd miller sudo 1.6.3_p5

todd miller sudo 1.6.4_p2

todd miller sudo 1.6.5_p1

todd miller sudo 1.6.8_p1

todd miller sudo 1.6.8_p12

todd miller sudo 1.6.2

todd miller sudo 1.6.3

todd miller sudo 1.6.7

todd miller sudo 1.6.5

todd miller sudo 1.6.8_p9

todd miller sudo 1.6.9_p18

todd miller sudo 1.6.3_p6

todd miller sudo 1.6

todd miller sudo 1.6.1

todd miller sudo 1.6.5_p2

todd miller sudo 1.6.6

todd miller sudo 1.6.8_p5

todd miller sudo 1.6.8_p8

Vendor Advisories

Synopsis: Important: sudo security update. Type/Severity: Security Advisory: Important. Topic: An updated sudo package that fixes two security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Descri ...

Debian Bug report logs - #570737: sudoedit permission in sudoers grants permission to any sudoedit executables. Package: sudo; Maintainer for sudo is Bdale Garbee <bdale@gagcom>; Source for sudo is src:sudo (PTS, buildd, popcon). Reported by: neonsignal-debian@memepressorg. Date: Sun, 21 Feb 2010 03:33:02 UTC. Severity: grav ...

It was discovered that sudo did not properly validate the path for the ‘sudoedit’ pseudo-command. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. The sudoedit pseudo-command is not used in the default installation of Ubuntu. (CVE-2010-0426) ...

Several vulnerabilities have been discovered in sudo, a program designed to allow a sysadmin to give limited root privileges to users. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0426: It was discovered that sudo, when a pseudo-command is enabled, permits a match between the name of the pseudo-command ...