CVE-2010-2956
published 2010-09-10CVE-2010-2956: Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows…
medium6.2CVSS 3.1
AVLACHAuNCCICAC
Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | sudo | < sudo 1.7.4p4-1 (bookworm) | sudo 1.7.4p4-1 (bookworm) |
| sudo_project | sudo | >= 0 < 1.7.4p4-1 | 1.7.4p4-1 |
| sudo_project | sudo | >= 0 < 1.7.4p4-1 | 1.7.4p4-1 |
| sudo_project | sudo | >= 0 < 1.7.4p4-1 | 1.7.4p4-1 |
| sudo_project | sudo | >= 0 < 1.7.4p4-1 | 1.7.4p4-1 |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| vmware | esxi | — | — |
| vmware | vmware_workstation | — | — |
CVSS provenance
nvd6.2MEDIUMAV:L/AC:H/Au:N/C:C/I:C/A:C
osv6.2MEDIUM