SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2010-0427

Date: (C)2010-02-25 (M)2023-12-22

sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.4
Exploit Score: 3.4
Impact Score: 6.4

CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Reference:

SECTRACK-1023658

http://www.securityfocus.com/archive/1/514489/100/0/threaded

SUSE-SR:2010:006

http://www.openwall.com/lists/oss-security/2010/02/23/4

http://www.openwall.com/lists/oss-security/2010/02/24/5

ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz

http://sudo.ws/repos/sudo/rev/aa0b6c01c462

http://wiki.rpath.com/Advisories:rPSA-2010-0075

http://www.gratisoft.us/bugzilla/attachment.cgi?id=255

http://www.gratisoft.us/bugzilla/show_bug.cgi?id=349

http://www.sudo.ws/cgi-bin/cvsweb/sudo/set_perms.c.diff?r1=1.30.2.7&r2=1.30.2.8

https://bugzilla.redhat.com/show_bug.cgi?id=567622

oval:org.mitre.oval:def:10946

oval:org.mitre.oval:def:7216

cpe:/a:todd_miller:sudo:1.6.8
cpe:/a:todd_miller:sudo:1.6
cpe:/a:todd_miller:sudo:1.6.7
cpe:/a:todd_miller:sudo:1.6.3
...

oval:org.secpod.oval:def:500307
oval:org.secpod.oval:def:700000
oval:org.secpod.oval:def:201802
oval:org.secpod.oval:def:301139
...

© SecPod Technologies