CVE

Id
45540  
CVE No.
CVE-2010-2956  
Status
Candidate  
Description
Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence.  
Phase
Assigned (20100804)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
496085 45540 CVE-2010-2956 BUGTRAQ:20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap  View
496086 45540 CVE-2010-2956 URL:http://www.securityfocus.com/archive/1/archive/1/515545/100/0/threaded  View
496087 45540 CVE-2010-2956 BUGTRAQ:20101027 rPSA-2010-0075-1 sudo  View
496088 45540 CVE-2010-2956 URL:http://www.securityfocus.com/archive/1/archive/1/514489/100/0/threaded  View
496089 45540 CVE-2010-2956 CONFIRM:http://www.sudo.ws/sudo/alerts/runas_group.html  View
496090 45540 CVE-2010-2956 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=628628  View
496091 45540 CVE-2010-2956 CONFIRM:http://www.vmware.com/security/advisories/VMSA-2011-0001.html  View
496092 45540 CVE-2010-2956 CONFIRM:http://wiki.rpath.com/Advisories:rPSA-2010-0075  View
496093 45540 CVE-2010-2956 FEDORA:FEDORA-2010-14355  View
496094 45540 CVE-2010-2956 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047516.html  View
496095 45540 CVE-2010-2956 GENTOO:GLSA-201009-03  View
496096 45540 CVE-2010-2956 URL:http://security.gentoo.org/glsa/glsa-201009-03.xml  View
496097 45540 CVE-2010-2956 MANDRIVA:MDVSA-2010:175  View
496098 45540 CVE-2010-2956 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:175  View
496099 45540 CVE-2010-2956 REDHAT:RHSA-2010:0675  View
496100 45540 CVE-2010-2956 URL:http://www.redhat.com/support/errata/RHSA-2010-0675.html  View
496101 45540 CVE-2010-2956 SUSE:SUSE-SR:2010:017  View
496102 45540 CVE-2010-2956 URL:http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html  View
496103 45540 CVE-2010-2956 UBUNTU:USN-983-1  View
496104 45540 CVE-2010-2956 URL:http://www.ubuntu.com/usn/USN-983-1  View
496105 45540 CVE-2010-2956 BID:43019  View
496106 45540 CVE-2010-2956 URL:http://www.securityfocus.com/bid/43019  View
496107 45540 CVE-2010-2956 SECTRACK:1024392  View
496108 45540 CVE-2010-2956 URL:http://www.securitytracker.com/id?1024392  View
496109 45540 CVE-2010-2956 SECUNIA:40508  View
496110 45540 CVE-2010-2956 URL:http://secunia.com/advisories/40508  View
496111 45540 CVE-2010-2956 SECUNIA:41316  View
496112 45540 CVE-2010-2956 URL:http://secunia.com/advisories/41316  View
496113 45540 CVE-2010-2956 SECUNIA:42787  View
496114 45540 CVE-2010-2956 URL:http://secunia.com/advisories/42787  View
496115 45540 CVE-2010-2956 VUPEN:ADV-2010-2312  View
496116 45540 CVE-2010-2956 URL:http://www.vupen.com/english/advisories/2010/2312  View
496117 45540 CVE-2010-2956 VUPEN:ADV-2010-2318  View
496118 45540 CVE-2010-2956 URL:http://www.vupen.com/english/advisories/2010/2318  View
496119 45540 CVE-2010-2956 VUPEN:ADV-2010-2320  View
496120 45540 CVE-2010-2956 URL:http://www.vupen.com/english/advisories/2010/2320  View
496121 45540 CVE-2010-2956 VUPEN:ADV-2010-2358  View
496122 45540 CVE-2010-2956 URL:http://www.vupen.com/english/advisories/2010/2358  View
496123 45540 CVE-2010-2956 VUPEN:ADV-2011-0025  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
37208 JVNDB-2010-002993 Linux kernel の keyctl_session_to_parent 関数におけるサービス運用妨害 (DoS) の脆弱性 Linux kernel の security/keys/keyctl.c のkeyctl_session_to_parent 関数は、特定のペアレントセッションキーリングの存在を想定するため、サービス運用妨害 (NULL ポインタデリファレンスおよびシステムクラッシュ) 状態となる脆弱性が存在します。 CVE-2010-2960 45540 7.2 http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002993.html  View