CVE-2010-2956

9 documents8 sources
Severity
6.2MEDIUM
EPSS
0.1%
top 76.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Todd Miller Sudo
Timeline
PublishedSep 10
Latest updateMay 14

Description

Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence.

CVSS vector

AV:L/AC:H/C:C/I:C/A:CExploitability: 1.9 | Impact: 10.0

Affected Packages2 packages

Debiansudo< 1.7.4p4-1+3
NVDtodd_miller/sudo15 versions+14

🔴Vulnerability Details

3
GHSA
GHSA-88qq-68fm-2rxx: Sudo 12022-05-14
CVEList
CVE-2010-2956: Sudo 12010-09-10
OSV
CVE-2010-2956: Sudo 12010-09-10

📋Vendor Advisories

3
Red Hat
sudo: incorrect handling of RunAs specification with both user and group lists2010-09-07
Ubuntu
Sudo vulnerability2010-09-07
Debian
CVE-2010-2956: sudo - Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly ...2010

💬Community

2
Bugzilla
CVE-2010-2956 sudo: incorrect handling of RunAs specification with both user and group lists [fedora-all]2010-09-07
Bugzilla
CVE-2010-2956 sudo: incorrect handling of RunAs specification with both user and group lists2010-08-30
CVE-2010-2956 (MEDIUM CVSS 6.2) | Sudo 1.7.0 through 1.7.4p3 | cvebase.io