Vulnerability details: VCID-dwte-xyqg-aaaf
Vulnerability ID VCID-dwte-xyqg-aaaf
Aliases CVE-2010-0427
Summary sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
rhas Important https://access.redhat.com/errata/RHSA-2010:0122
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2010-0427
epss 0.00078 https://api.first.org/data/v1/epss?cve=CVE-2010-0427
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2010-0427
generic_textual MODERATE http://secunia.com/advisories/38915
cvssv2 4.4 https://nvd.nist.gov/vuln/detail/CVE-2010-0427
Reference id Reference type URL
ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0427.json
https://api.first.org/data/v1/epss?cve=CVE-2010-0427
https://bugzilla.redhat.com/show_bug.cgi?id=567622
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0427
http://secunia.com/advisories/38762
http://secunia.com/advisories/38795
http://secunia.com/advisories/38803
http://secunia.com/advisories/38915
http://securitytracker.com/id?1023658
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10946
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7216
http://sudo.ws/repos/sudo/rev/aa0b6c01c462
http://wiki.rpath.com/Advisories:rPSA-2010-0075
http://www.debian.org/security/2010/dsa-2006
http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml
http://www.gratisoft.us/bugzilla/attachment.cgi?id=255
http://www.gratisoft.us/bugzilla/show_bug.cgi?id=349
http://www.openwall.com/lists/oss-security/2010/02/23/4
http://www.openwall.com/lists/oss-security/2010/02/24/5
http://www.securityfocus.com/archive/1/514489/100/0/threaded
http://www.sudo.ws/cgi-bin/cvsweb/sudo/set_perms.c.diff?r1=1.30.2.7&r2=1.30.2.8
http://www.ubuntu.com/usn/USN-905-1
cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.3_p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.3_p2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.3_p3:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.3_p4:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.3_p5:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.3_p6:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.4_p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.4_p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.4_p2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.4_p2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.5_p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.5_p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.5_p2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.5_p2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.7_p5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.7_p5:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.8_p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.8_p12:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.8_p5:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.8_p8:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.8_p9:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9_p17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.9_p17:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9_p18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.9_p18:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9_p19:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.9_p19:*:*:*:*:*:*:*
CVE-2010-0427 https://nvd.nist.gov/vuln/detail/CVE-2010-0427
GLSA-201003-01 https://security.gentoo.org/glsa/201003-01
RHSA-2010:0122 https://access.redhat.com/errata/RHSA-2010:0122
USN-905-1 https://usn.ubuntu.com/905-1/
No exploits are available.
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2010-0427

Exploit Prediction Scoring System (EPSS)
Percentile 0.10982
EPSS Score 0.00044
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.