// For flags

CVE-2010-0427

sudo: Fails to reset group permissions if runas_default set

Severity Score

4.4
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.

sudo v1.6.x anterior a v1.6.9p21 cuando se utiliza la opciĆ³n runas_default no establece adecuadamente las pertenencias a grupos, esto permite a usuarios locales aumentar sus privilegios mediante un comando sudo.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
Attack Vector
Local
Attack Complexity
Medium
Authentication
Single
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2010-01-27 CVE Reserved
  • 2010-02-25 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (22)
URL Tag Source
http://secunia.com/advisories/38762 Third Party Advisory
http://secunia.com/advisories/38795 Third Party Advisory
http://secunia.com/advisories/38803 Third Party Advisory
http://secunia.com/advisories/38915 Third Party Advisory
http://securitytracker.com/id?1023658 Vdb Entry
http://sudo.ws/repos/sudo/rev/aa0b6c01c462 X_refsource_confirm
http://wiki.rpath.com/Advisories:rPSA-2010-0075 X_refsource_confirm
http://www.gratisoft.us/bugzilla/show_bug.cgi?id=349 X_refsource_confirm
http://www.openwall.com/lists/oss-security/2010/02/23/4 Mailing List
http://www.openwall.com/lists/oss-security/2010/02/24/5 Mailing List
http://www.securityfocus.com/archive/1/514489/100/0/threaded Mailing List
http://www.sudo.ws/cgi-bin/cvsweb/sudo/set_perms.c.diff?r1=1.30.2.7&r2=1.30.2.8 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10946 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7216 Signature
URL Date SRC
http://www.gratisoft.us/bugzilla/attachment.cgi?id=255 2024-08-07
URL Date SRC
ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz 2018-10-10
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html 2018-10-10
http://www.debian.org/security/2010/dsa-2006 2018-10-10
http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml 2018-10-10
http://www.ubuntu.com/usn/USN-905-1 2018-10-10
https://bugzilla.redhat.com/show_bug.cgi?id=567622 2010-02-26
https://access.redhat.com/security/cve/CVE-2010-0427 2010-02-26
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Todd Miller
Search vendor "Todd Miller"
 Sudo
Search vendor "Todd Miller" for product "Sudo"
 1.6
Search vendor "Todd Miller" for product "Sudo" and version "1.6"
-
Affected
Todd Miller
Search vendor "Todd Miller"
 Sudo
Search vendor "Todd Miller" for product "Sudo"
 1.6.1
Search vendor "Todd Miller" for product "Sudo" and version "1.6.1"
-
Affected
Todd Miller
Search vendor "Todd Miller"
 Sudo
Search vendor "Todd Miller" for product "Sudo"
 1.6.2
Search vendor "Todd Miller" for product "Sudo" and version "1.6.2"
-
Affected
Todd Miller
Search vendor "Todd Miller"
 Sudo
Search vendor "Todd Miller" for product "Sudo"
 1.6.3
Search vendor "Todd Miller" for product "Sudo" and version "1.6.3"
-
Affected
Todd Miller
Search vendor "Todd Miller"
 Sudo
Search vendor "Todd Miller" for product "Sudo"
 1.6.3_p1
Search vendor "Todd Miller" for product "Sudo" and version "1.6.3_p1"
-
Affected
Todd Miller
Search vendor "Todd Miller"
 Sudo
Search vendor "Todd Miller" for product "Sudo"
 1.6.3_p2
Search vendor "Todd Miller" for product "Sudo" and version "1.6.3_p2"
-
Affected
Todd Miller
Search vendor "Todd Miller"
 Sudo
Search vendor "Todd Miller" for product "Sudo"
 1.6.3_p3
Search vendor "Todd Miller" for product "Sudo" and version "1.6.3_p3"
-
Affected
Todd Miller
Search vendor "Todd Miller"
 Sudo
Search vendor "Todd Miller" for product "Sudo"
 1.6.3_p4
Search vendor "Todd Miller" for product "Sudo" and version "1.6.3_p4"
-
Affected
Todd Miller
Search vendor "Todd Miller"
 Sudo
Search vendor "Todd Miller" for product "Sudo"
 1.6.3_p5
Search vendor "Todd Miller" for product "Sudo" and version "1.6.3_p5"
-
Affected
Todd Miller
Search vendor "Todd Miller"
 Sudo
Search vendor "Todd Miller" for product "Sudo"
 1.6.3_p6
Search vendor "Todd Miller" for product "Sudo" and version "1.6.3_p6"
-
Affected
Todd Miller
Search vendor "Todd Miller"
 Sudo
Search vendor "Todd Miller" for product "Sudo"
 1.6.3_p7
Search vendor "Todd Miller" for product "Sudo" and version "1.6.3_p7"
-
Affected
Todd Miller
Search vendor "Todd Miller"
 Sudo
Search vendor "Todd Miller" for product "Sudo"
 1.6.4_p1
Search vendor "Todd Miller" for product "Sudo" and version "1.6.4_p1"
-
Affected
Todd Miller
Search vendor "Todd Miller"
 Sudo
Search vendor "Todd Miller" for product "Sudo"
 1.6.4_p2
Search vendor "Todd Miller" for product "Sudo" and version "1.6.4_p2"
-
Affected
Todd Miller
Search vendor "Todd Miller"
 Sudo
Search vendor "Todd Miller" for product "Sudo"
 1.6.5
Search vendor "Todd Miller" for product "Sudo" and version "1.6.5"
-
Affected
Todd Miller
Search vendor "Todd Miller"
 Sudo
Search vendor "Todd Miller" for product "Sudo"
 1.6.5_p1
Search vendor "Todd Miller" for product "Sudo" and version "1.6.5_p1"
-
Affected
Todd Miller
Search vendor "Todd Miller"
 Sudo
Search vendor "Todd Miller" for product "Sudo"
 1.6.5_p2
Search vendor "Todd Miller" for product "Sudo" and version "1.6.5_p2"
-
Affected
Todd Miller
Search vendor "Todd Miller"
 Sudo
Search vendor "Todd Miller" for product "Sudo"
 1.6.6
Search vendor "Todd Miller" for product "Sudo" and version "1.6.6"
-
Affected
Todd Miller
Search vendor "Todd Miller"
 Sudo
Search vendor "Todd Miller" for product "Sudo"
 1.6.7
Search vendor "Todd Miller" for product "Sudo" and version "1.6.7"
-
Affected
Todd Miller
Search vendor "Todd Miller"
 Sudo
Search vendor "Todd Miller" for product "Sudo"
 1.6.7_p5
Search vendor "Todd Miller" for product "Sudo" and version "1.6.7_p5"
-
Affected
Todd Miller
Search vendor "Todd Miller"
 Sudo
Search vendor "Todd Miller" for product "Sudo"
 1.6.8
Search vendor "Todd Miller" for product "Sudo" and version "1.6.8"
-
Affected
Todd Miller
Search vendor "Todd Miller"
 Sudo
Search vendor "Todd Miller" for product "Sudo"
 1.6.8_p1
Search vendor "Todd Miller" for product "Sudo" and version "1.6.8_p1"
-
Affected
Todd Miller
Search vendor "Todd Miller"
 Sudo
Search vendor "Todd Miller" for product "Sudo"
 1.6.8_p5
Search vendor "Todd Miller" for product "Sudo" and version "1.6.8_p5"
-
Affected
Todd Miller
Search vendor "Todd Miller"
 Sudo
Search vendor "Todd Miller" for product "Sudo"
 1.6.8_p8
Search vendor "Todd Miller" for product "Sudo" and version "1.6.8_p8"
-
Affected
Todd Miller
Search vendor "Todd Miller"
 Sudo
Search vendor "Todd Miller" for product "Sudo"
 1.6.8_p9
Search vendor "Todd Miller" for product "Sudo" and version "1.6.8_p9"
-
Affected
Todd Miller
Search vendor "Todd Miller"
 Sudo
Search vendor "Todd Miller" for product "Sudo"
 1.6.8_p12
Search vendor "Todd Miller" for product "Sudo" and version "1.6.8_p12"
-
Affected
Todd Miller
Search vendor "Todd Miller"
 Sudo
Search vendor "Todd Miller" for product "Sudo"
 1.6.9_p17
Search vendor "Todd Miller" for product "Sudo" and version "1.6.9_p17"
-
Affected
Todd Miller
Search vendor "Todd Miller"
 Sudo
Search vendor "Todd Miller" for product "Sudo"
 1.6.9_p18
Search vendor "Todd Miller" for product "Sudo" and version "1.6.9_p18"
-
Affected
Todd Miller
Search vendor "Todd Miller"
 Sudo
Search vendor "Todd Miller" for product "Sudo"
 1.6.9_p19
Search vendor "Todd Miller" for product "Sudo" and version "1.6.9_p19"
-
Affected