6.2

CVE-2010-2956

Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Todd MillerSudo Version1.7.0
Todd MillerSudo Version1.7.1
Todd MillerSudo Version1.7.2
Todd MillerSudo Version1.7.2p1
Todd MillerSudo Version1.7.2p2
Todd MillerSudo Version1.7.2p3
Todd MillerSudo Version1.7.2p4
Todd MillerSudo Version1.7.2p5
Todd MillerSudo Version1.7.2p6
Todd MillerSudo Version1.7.2p7
Todd MillerSudo Version1.7.3b1
Todd MillerSudo Version1.7.4
Todd MillerSudo Version1.7.4p1
Todd MillerSudo Version1.7.4p2
Todd MillerSudo Version1.7.4p3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.36% 0.279
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.2 1.9 10
AV:L/AC:H/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://wiki.rpath.com/Advisories:rPSA-2010-0075
http://www.securityfocus.com/archive/1/514489/100/0/threaded
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://secunia.com/advisories/40508
Vendor Advisory
http://security.gentoo.org/glsa/glsa-201009-03.xml
http://secunia.com/advisories/42787
http://www.securityfocus.com/archive/1/515545/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2011-0001.html
http://www.vupen.com/english/advisories/2011/0025
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047516.html
http://secunia.com/advisories/41316
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:175
http://www.redhat.com/support/errata/RHSA-2010-0675.html
http://www.securityfocus.com/bid/43019
http://www.securitytracker.com/id?1024392
http://www.sudo.ws/sudo/alerts/runas_group.html
Vendor Advisory
http://www.ubuntu.com/usn/USN-983-1
http://www.vupen.com/english/advisories/2010/2312
http://www.vupen.com/english/advisories/2010/2318
http://www.vupen.com/english/advisories/2010/2320
http://www.vupen.com/english/advisories/2010/2358
https://bugzilla.redhat.com/show_bug.cgi?id=628628