CVE Vulnerabilities

CVE-2010-2956

Published: Sep 10, 2010 | Modified: Oct 10, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.2 MEDIUM
AV:L/AC:H/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a -u root sequence.

Affected Software

Name Vendor Start Version End Version
Sudo Todd_miller 1.7.2p4 1.7.2p4
Sudo Todd_miller 1.7.0 1.7.0
Sudo Todd_miller 1.7.4p2 1.7.4p2
Sudo Todd_miller 1.7.1 1.7.1
Sudo Todd_miller 1.7.2p2 1.7.2p2
Sudo Todd_miller 1.7.2p7 1.7.2p7
Sudo Todd_miller 1.7.2 1.7.2
Sudo Todd_miller 1.7.4 1.7.4
Sudo Todd_miller 1.7.4p3 1.7.4p3
Sudo Todd_miller 1.7.3b1 1.7.3b1
Sudo Todd_miller 1.7.2p1 1.7.2p1
Sudo Todd_miller 1.7.2p3 1.7.2p3
Sudo Todd_miller 1.7.2p5 1.7.2p5
Sudo Todd_miller 1.7.4p1 1.7.4p1
Sudo Todd_miller 1.7.2p6 1.7.2p6

References