CVE-2010-2956

Severity

62%

Complexity

19%

Confidentiality

165%

Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence.

CVSS 2.0 Base Score 6.2. CVSS Attack Vector: local. CVSS Attack Complexity: high. CVSS Vector: (AV:L/AC:H/Au:N/C:C/I:C/A:C).

Overview

Type

Todd Miller Sudo

First reported 14 years ago

2010-09-10 19:00:00

Last updated 6 years ago

2018-10-10 20:00:00

Affected Software

Todd Miller Sudo 1.7.0

1.7.0

Todd Miller Sudo 1.7.1

1.7.1

Todd Miller Sudo 1.7.2

1.7.2

Todd Miller Sudo 1.7.2p1

1.7.2p1

Todd Miller Sudo 1.7.2p2

1.7.2p2

Todd Miller Sudo 1.7.2p3

1.7.2p3

Todd Miller Sudo 1.7.2p4

1.7.2p4

Todd Miller Sudo 1.7.2p5

1.7.2p5

Todd Miller Sudo 1.7.2p6

1.7.2p6

Todd Miller Sudo 1.7.2p7

1.7.2p7

Todd Miller Sudo 1.7.3b1

1.7.3b1

Todd Miller Sudo 1.7.4

1.7.4

Todd Miller Sudo 1.7.4p1

1.7.4p1

Todd Miller Sudo 1.7.4p2

1.7.4p2

Todd Miller Sudo 1.7.4p3

1.7.4p3

References

FEDORA-2010-14355

SUSE-SR:2010:017

40508

Vendor Advisory

41316

Vendor Advisory

42787

GLSA-201009-03

http://wiki.rpath.com/Advisories:rPSA-2010-0075

MDVSA-2010:175

RHSA-2010:0675

20101027 rPSA-2010-0075-1 sudo

20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap

43019

1024392

http://www.sudo.ws/sudo/alerts/runas_group.html

Vendor Advisory

USN-983-1

http://www.vmware.com/security/advisories/VMSA-2011-0001.html

ADV-2010-2312

ADV-2010-2318

ADV-2010-2320

ADV-2010-2358

ADV-2011-0025

https://bugzilla.redhat.com/show_bug.cgi?id=628628

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.

CVE-2010-2956

Severity

What is severity?

Complexity

What is complexity?

Confidentiality

What is confidentiality?

Overview

Type

First reported 14 years ago

Last updated 6 years ago

Affected Software

Todd Miller Sudo 1.7.0

Todd Miller Sudo 1.7.1

Todd Miller Sudo 1.7.2

Todd Miller Sudo 1.7.2p1

Todd Miller Sudo 1.7.2p2

Todd Miller Sudo 1.7.2p3

Todd Miller Sudo 1.7.2p4

Todd Miller Sudo 1.7.2p5

Todd Miller Sudo 1.7.2p6

Todd Miller Sudo 1.7.2p7

Todd Miller Sudo 1.7.3b1

Todd Miller Sudo 1.7.4

Todd Miller Sudo 1.7.4p1

Todd Miller Sudo 1.7.4p2

Todd Miller Sudo 1.7.4p3

References

FEDORA-2010-14355

SUSE-SR:2010:017

40508

41316

42787

GLSA-201009-03

http://wiki.rpath.com/Advisories:rPSA-2010-0075

MDVSA-2010:175

RHSA-2010:0675

20101027 rPSA-2010-0075-1 sudo

20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap

43019

1024392

http://www.sudo.ws/sudo/alerts/runas_group.html

USN-983-1

http://www.vmware.com/security/advisories/VMSA-2011-0001.html

ADV-2010-2312

ADV-2010-2318

ADV-2010-2320

ADV-2010-2358

ADV-2011-0025

https://bugzilla.redhat.com/show_bug.cgi?id=628628

Stay updated

Get in touch