VYPR
Unrated severityNVD Advisory· Published Sep 10, 2010· Updated Jun 16, 2026

CVE-2010-2956

CVE-2010-2956

Description

Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

16
  • Todd Miller/Sudo15 versions
    cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*+ 14 more
    • cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.2p1:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.2p2:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.2p3:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.2p4:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.2p5:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.2p6:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.2p7:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.3b1:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.4:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.4p1:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.4p2:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.4p3:*:*:*:*:*:*:*
  • Sudo Project/Sudollm-create
    Range: 1.7.0 - 1.7.4p3

Patches

Vulnerability mechanics

References

22

News mentions

0

No linked articles in our index yet.