CVE-2010-2956

Published: 10/09/2010 Updated: 10/10/2018
CVSS v2 Base Score: 6.2 | Impact Score: 10 | Exploitability Score: 1.9
VMScore: 552
Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Summary

Sudo 1.7.0 up to and including 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence.

Vulnerable Product

todd miller sudo 1.7.2p5

todd miller sudo 1.7.0

todd miller sudo 1.7.2p6

todd miller sudo 1.7.2

todd miller sudo 1.7.2p1

todd miller sudo 1.7.4p1

todd miller sudo 1.7.4

todd miller sudo 1.7.2p3

todd miller sudo 1.7.3b1

todd miller sudo 1.7.2p7

todd miller sudo 1.7.4p3

todd miller sudo 1.7.4p2

todd miller sudo 1.7.2p2

todd miller sudo 1.7.2p4

todd miller sudo 1.7.1

Vendor Advisories

Synopsis: Important: sudo security update. Type/Severity: Security Advisory: Important. Topic: An updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability S ...
Debian Bug report logs - #595935: CVE-2010-1646: Flaw in Runas group matching. Package: sudo; Maintainer for sudo is Bdale Garbee <bdale@gag.com>; Source for sudo is src:sudo. Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>; Date: Tue, 7 Sep 2010 12:39:01 UTC; Severity: grave; Tags: secu ...
Under non-default configurations, a local user could run programs with administrator privileges ...