CVE-2010-2956
CVE-2010-2956
Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047516.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=628628http://secunia.com/advisories/40508http://secunia.com/advisories/41316http://secunia.com/advisories/42787http://security.gentoo.org/glsa/glsa-201009-03.xmlhttp://wiki.rpath.com/Advisories:rPSA-2010-0075http://www.mandriva.com/security/advisories?name=MDVSA-2010:175http://www.redhat.com/support/errata/RHSA-2010-0675.htmlhttp://www.securityfocus.com/archive/1/514489/100/0/threadedhttp://www.securityfocus.com/archive/1/515545/100/0/threaded