6.2
CVE-2010-2956
- EPSS 0.08%
- Published 10.09.2010 19:00:02
- Last modified 11.04.2025 00:51:21
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence.
Data is provided by the National Vulnerability Database (NVD)
Todd Miller ≫ Sudo Version1.7.0
Todd Miller ≫ Sudo Version1.7.1
Todd Miller ≫ Sudo Version1.7.2
Todd Miller ≫ Sudo Version1.7.2p1
Todd Miller ≫ Sudo Version1.7.2p2
Todd Miller ≫ Sudo Version1.7.2p3
Todd Miller ≫ Sudo Version1.7.2p4
Todd Miller ≫ Sudo Version1.7.2p5
Todd Miller ≫ Sudo Version1.7.2p6
Todd Miller ≫ Sudo Version1.7.2p7
Todd Miller ≫ Sudo Version1.7.3b1
Todd Miller ≫ Sudo Version1.7.4
Todd Miller ≫ Sudo Version1.7.4p1
Todd Miller ≫ Sudo Version1.7.4p2
Todd Miller ≫ Sudo Version1.7.4p3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.239 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.2 | 1.9 | 10 |
AV:L/AC:H/Au:N/C:C/I:C/A:C
|