CVE-2010-2956

Summary

CVE	CVE-2010-2956
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2010-09-10 19:00:00 UTC
Updated	2018-10-10 20:00:00 UTC
Description	Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence.

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Todd Miller	Sudo	1.7.0	All	All	All
Application	Todd Miller	Sudo	1.7.1	All	All	All
Application	Todd Miller	Sudo	1.7.2	All	All	All
Application	Todd Miller	Sudo	1.7.2p1	All	All	All
Application	Todd Miller	Sudo	1.7.2p2	All	All	All
Application	Todd Miller	Sudo	1.7.2p3	All	All	All
Application	Todd Miller	Sudo	1.7.2p4	All	All	All
Application	Todd Miller	Sudo	1.7.2p5	All	All	All
Application	Todd Miller	Sudo	1.7.2p6	All	All	All
Application	Todd Miller	Sudo	1.7.2p7	All	All	All
Application	Todd Miller	Sudo	1.7.3b1	All	All	All
Application	Todd Miller	Sudo	1.7.4	All	All	All
Application	Todd Miller	Sudo	1.7.4p1	All	All	All
Application	Todd Miller	Sudo	1.7.4p2	All	All	All
Application	Todd Miller	Sudo	1.7.4p3	All	All	All
Application	Todd Miller	Sudo	1.7.0	All	All	All
Application	Todd Miller	Sudo	1.7.1	All	All	All
Application	Todd Miller	Sudo	1.7.2	All	All	All
Application	Todd Miller	Sudo	1.7.2p1	All	All	All
Application	Todd Miller	Sudo	1.7.2p2	All	All	All
Application	Todd Miller	Sudo	1.7.2p3	All	All	All
Application	Todd Miller	Sudo	1.7.2p4	All	All	All
Application	Todd Miller	Sudo	1.7.2p5	All	All	All
Application	Todd Miller	Sudo	1.7.2p6	All	All	All
Application	Todd Miller	Sudo	1.7.2p7	All	All	All
Application	Todd Miller	Sudo	1.7.3b1	All	All	All
Application	Todd Miller	Sudo	1.7.4	All	All	All
Application	Todd Miller	Sudo	1.7.4p1	All	All	All
Application	Todd Miller	Sudo	1.7.4p2	All	All	All
Application	Todd Miller	Sudo	1.7.4p3	All	All	All

References

Reference	Source	Link	Tags
Gentoo Linux Documentation -- sudo: Privilege Escalation	GENTOO	security.gentoo.org
Support \| Red Hat	REDHAT	www.redhat.com
[security-announce] SUSE Security Summary Report: SUSE-SR:2010:017	SUSE	lists.opensuse.org
Sudo Runas Group Matching Vulnerability - Advisories - Community	SECUNIA	secunia.com	Vendor Advisory
wiki.rpath.com/Advisories:rPSA-2010-0075	CONFIRM	wiki.rpath.com
Bug 628628 – CVE-2010-2956 sudo: incorrect handling of RunAs specification with both user and group lists	CONFIRM	bugzilla.redhat.com
Flaw in Runas group matching	CONFIRM	www.sudo.ws	Vendor Advisory
SecurityFocus	BUGTRAQ	www.securityfocus.com
VMware ESX Console OS (COS) Multiple Vulnerabilities - Advisories - Community	SECUNIA	secunia.com
[SECURITY] Fedora 13 Update: sudo-1.7.4p4-1.fc13	FEDORA	lists.fedoraproject.org
Todd Miller Sudo Runas Group Local Privilege Escalation Vulnerability	BID	www.securityfocus.com
Support / Security / Advisories / / MDVSA-2010:175 \| Mandriva	MANDRIVA	www.mandriva.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com
VUPEN Security - Offensive Cyber Security	VUPEN	www.vupen.com
VUPEN Security - Offensive Cyber Security	VUPEN	www.vupen.com
Gentoo update for sudo - Advisories - Community	SECUNIA	secunia.com	Vendor Advisory
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com
USN-983-1: Sudo vulnerability \| Ubuntu	UBUNTU	www.ubuntu.com
VUPEN Security - Offensive Cyber Security	VUPEN	www.vupen.com
SecurityFocus	BUGTRAQ	www.securityfocus.com
VMSA-2011-0001	CONFIRM	www.vmware.com
SecurityTracker.com Archives - Sudo Runas Group Matching Error Lets Local Users Gain Elevated Privileges	SECTRACK	www.securitytracker.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.