Vulnerability details: VCID-hzj2-svkj-aaaq
Vulnerability ID VCID-hzj2-svkj-aaaq
Aliases CVE-2010-2956
Summary Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Weaknesses (0)
There are no known CWE.
System Score Found at
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
rhas Important https://access.redhat.com/errata/RHSA-2010:0675
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2010-2956
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2010-2956
epss 0.00061 https://api.first.org/data/v1/epss?cve=CVE-2010-2956
epss 0.00078 https://api.first.org/data/v1/epss?cve=CVE-2010-2956
cvssv2 6.2 https://nvd.nist.gov/vuln/detail/CVE-2010-2956
Reference id Reference type URL
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047516.html
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2956.json
https://api.first.org/data/v1/epss?cve=CVE-2010-2956
https://bugzilla.redhat.com/show_bug.cgi?id=628628
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2956
http://secunia.com/advisories/40508
http://secunia.com/advisories/41316
http://secunia.com/advisories/42787
http://security.gentoo.org/glsa/glsa-201009-03.xml
http://wiki.rpath.com/Advisories:rPSA-2010-0075
http://www.mandriva.com/security/advisories?name=MDVSA-2010:175
http://www.redhat.com/support/errata/RHSA-2010-0675.html
http://www.securityfocus.com/archive/1/514489/100/0/threaded
http://www.securityfocus.com/archive/1/515545/100/0/threaded
http://www.securityfocus.com/bid/43019
http://www.securitytracker.com/id?1024392
http://www.sudo.ws/sudo/alerts/runas_group.html
http://www.ubuntu.com/usn/USN-983-1
http://www.vmware.com/security/advisories/VMSA-2011-0001.html
http://www.vupen.com/english/advisories/2010/2312
http://www.vupen.com/english/advisories/2010/2318
http://www.vupen.com/english/advisories/2010/2320
http://www.vupen.com/english/advisories/2010/2358
http://www.vupen.com/english/advisories/2011/0025
595935 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=595935
cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.2p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.2p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.2p2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.2p2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.2p3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.2p3:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.2p4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.2p4:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.2p5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.2p5:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.2p6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.2p6:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.2p7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.2p7:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.3b1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.3b1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.4:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.4p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.4p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.4p2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.4p2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.4p3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.4p3:*:*:*:*:*:*:*
CVE-2010-2956 https://nvd.nist.gov/vuln/detail/CVE-2010-2956
GLSA-201009-03 https://security.gentoo.org/glsa/201009-03
RHSA-2010:0675 https://access.redhat.com/errata/RHSA-2010:0675
USN-983-1 https://usn.ubuntu.com/983-1/
No exploits are available.
Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2010-2956
Exploit Prediction Scoring System (EPSS)
Percentile 0.10982
EPSS Score 0.00044
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.