CVE-2010-0427

CWE-2649 documents8 sources

Severity

4.4MEDIUM

EPSS

0.1%

top 76.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Todd Miller Sudo

Timeline

PublishedFeb 25

Latest updateMay 3

Description

sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4

Affected Packages2 packages

▶Debiansudo< 1.7.0-1+3

▶NVDtodd_miller/sudo28 versions+27

Patches

Patch: ftp.sudo.ws ↗Patch: ftp.sudo.ws ↗

🔴Vulnerability Details

GHSA

GHSA-fvmp-m2wj-xqp8: sudo 1↗2022-05-03

▶

CVEList

CVE-2010-0427: sudo 1↗2010-02-25

▶

OSV

CVE-2010-0427: sudo 1↗2010-02-25

▶

📋Vendor Advisories

Ubuntu

sudo vulnerabilities↗2010-02-26

▶

Debian

CVE-2010-0427: sudo - sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not prop...↗2010

▶

Red Hat

sudo: Fails to reset group permissions if runas_default set↗2009-04-27

▶

💬Community

Bugzilla

CVE-2011-0015 CVE-2011-0016 CVE-2011-0427 CVE-2011-0490 CVE-2011-0491 CVE-2011-0492 CVE-2011-0493 CVE-2010-1676 CVE-2010-0383 CVE-2010-0385 tor various flaws [epel-5]↗2011-01-20

▶

Bugzilla

CVE-2010-0427 sudo: Fails to reset group permissions if runas_default set↗2010-02-23

▶