VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Sep 10, 2010· Updated Apr 29, 2026

CVE-2010-2956

CVE-2010-2956

Description

Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence.

Affected products

15
  • Todd Miller/Sudo15 versions
    cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*+ 14 more
    • cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.2p1:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.2p2:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.2p3:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.2p4:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.2p5:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.2p6:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.2p7:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.3b1:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.4:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.4p1:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.4p2:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.4p3:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

22

News mentions

0

No linked articles in our index yet.