CVE-2010-2956

Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence.

Published: Sep 10, 2010
Updated: Apr 13, 2023
CVE: CVE-2010-2956
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.2
AV:L/AC:H/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
todd_miller / sudo	1.7.2p4	1.7.2p4.x
todd_miller / sudo	1.7.0	1.7.0.x
todd_miller / sudo	1.7.4p2	1.7.4p2.x
todd_miller / sudo	1.7.1	1.7.1.x
todd_miller / sudo	1.7.2p2	1.7.2p2.x
todd_miller / sudo	1.7.2p7	1.7.2p7.x
todd_miller / sudo	1.7.2	1.7.2.x
todd_miller / sudo	1.7.4	1.7.4.x
todd_miller / sudo	1.7.4p3	1.7.4p3.x
todd_miller / sudo	1.7.3b1	1.7.3b1.x
todd_miller / sudo	1.7.2p1	1.7.2p1.x
todd_miller / sudo	1.7.2p3	1.7.2p3.x
todd_miller / sudo	1.7.2p5	1.7.2p5.x
todd_miller / sudo	1.7.4p1	1.7.4p1.x
todd_miller / sudo	1.7.2p6	1.7.2p6.x

Vulnerability Database

289,689

CVE-2010-2956