Showing 1 - 4 of 4

CVE-2010-2956

Status Candidate

Overview

Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence.

Related Files

VMware Security Advisory 2011-0001: Posted Jan 6, 2011; Authored by VMware | Site vmware.com; VMware Security Advisory 2011-0001 - ESX 4.0 Service Console OS (COS) updates for glibc, sudo, and openldap packages.; tags | advisory; advisories | CVE-2010-0211, CVE-2010-0212, CVE-2010-2956, CVE-2010-3847, CVE-2010-3856; SHA-256 | c46f8a177cb54cdf53c56e8c0fc1617a7a611c96438fab66c017b274544829ed; Download | Favorite | View

Mandriva Linux Security Advisory 2010-175: Posted Sep 13, 2010; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2010-175 - Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a -u root sequence. The updated packages have been patched to correct this issue.; tags | advisory, local, root; systems | linux, mandriva; advisories | CVE-2010-2956; SHA-256 | a2bbd5c115c98d917d40c978584d00aaf8a43d678490fb1e3a41bf3c453d8677; Download | Favorite | View

Ubuntu Security Notice 983-1: Posted Sep 8, 2010; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 983-1 - Markus Wuethrich discovered that sudo did not always verify the user when a group was specified in the Runas_Spec. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use a program as a group when the attacker was not a part of that group.; tags | advisory, arbitrary, local, root; systems | linux, ubuntu; advisories | CVE-2010-2956; SHA-256 | 62d38ec064d0f0ae54ffdd39f4c5cebe6d080d478403d1d548b88dc150afceba; Download | Favorite | View

Gentoo Linux Security Advisory 201009-3: Posted Sep 8, 2010; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201009-3 - The secure path feature and group handling in sudo allow local attackers to escalate privileges. Versions less than 1.7.4_p3-r1 are affected.; tags | advisory, local; systems | linux, gentoo; advisories | CVE-2010-1646, CVE-2010-2956; SHA-256 | 64d26ed806b78f1b66f52278ea929c7c037d7db811b81866bdff928a6b17c6fb; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 219 files
Ubuntu 55 files
LiquidWorm 20 files
Debian 18 files
Apple 9 files
indoushka 5 files
Gentoo 5 files
Google Security Research 4 files
Alter Prime 3 files
Chokri Hammedi 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,158)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,830)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,245)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,969)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

CVE-2010-2956

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems