Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-2956

Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence.

Published

2010-09-10T19:00:02.830

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.2 (MEDIUM)

CVSSv2 Vector

AV:L/AC:H/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: HIGH
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

1.9

Impact Score

10.0

Weaknesses
  • Type: Primary
    NVD-CWE-Other
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application todd_miller sudo 1.7.0 Yes
Application todd_miller sudo 1.7.1 Yes
Application todd_miller sudo 1.7.2 Yes
Application todd_miller sudo 1.7.2p1 Yes
Application todd_miller sudo 1.7.2p2 Yes
Application todd_miller sudo 1.7.2p3 Yes
Application todd_miller sudo 1.7.2p4 Yes
Application todd_miller sudo 1.7.2p5 Yes
Application todd_miller sudo 1.7.2p6 Yes
Application todd_miller sudo 1.7.2p7 Yes
Application todd_miller sudo 1.7.3b1 Yes
Application todd_miller sudo 1.7.4 Yes
Application todd_miller sudo 1.7.4p1 Yes
Application todd_miller sudo 1.7.4p2 Yes
Application todd_miller sudo 1.7.4p3 Yes
References