Vulnerability in Todd_miller Sudo
CVE-2010-0427
sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.
EPSS: 0.001 (23.2th percentile)
Affected products
- Todd_miller Sudo — versions 1.6.2, 1.6.4_p1, 1.6
Weakness classification (CWE)
References
- SUSE-SR:2010:006 (vendor-advisory, x_refsource_SUSE)
- 38762 (x_refsource_SECUNIA, third-party-advisory)
- 38795 (x_refsource_SECUNIA, third-party-advisory)
- 38803 (x_refsource_SECUNIA, third-party-advisory)
- 38915 (x_refsource_SECUNIA, third-party-advisory)
- 1023658 (vdb-entry, x_refsource_SECTRACK)
- secalert@redhat.com (x_refsource_CONFIRM)
- DSA-2006 (vendor-advisory, x_refsource_DEBIAN)
- GLSA-201003-01 (vendor-advisory, x_refsource_GENTOO)