Vulnerability Description
sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.
CVSS Score
4.4
MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Todd Miller | Sudo | 1.6 |
Related Weaknesses (CWE)
References
- ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gzPatch
- http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
- http://secunia.com/advisories/38762
- http://secunia.com/advisories/38795
- http://secunia.com/advisories/38803
- http://secunia.com/advisories/38915
- http://securitytracker.com/id?1023658
- http://sudo.ws/repos/sudo/rev/aa0b6c01c462
- http://wiki.rpath.com/Advisories:rPSA-2010-0075
- http://www.debian.org/security/2010/dsa-2006
- http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml
- http://www.gratisoft.us/bugzilla/attachment.cgi?id=255Exploit
- http://www.gratisoft.us/bugzilla/show_bug.cgi?id=349
- http://www.openwall.com/lists/oss-security/2010/02/23/4
- http://www.openwall.com/lists/oss-security/2010/02/24/5
FAQ
What is CVE-2010-0427?
CVE-2010-0427 is a vulnerability with a CVSS score of 4.4 (MEDIUM). sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.
How severe is CVE-2010-0427?
CVE-2010-0427 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-0427?
Check the references section above for vendor advisories and patch information. Affected products include: Todd Miller Sudo.