CVE-2010-2956
First published: Mon Aug 30 2010(Updated: )
A security flaw was found in the way Sudo performed matching for user described by a password against the list of members, allowed to run particular sudo command, when the group option was specified on the command line. If a local, unprivileged user was authorized by sudoers file to run their sudo commands with permissions of a particular group (different to their own), it could lead to privilege escalation (execution of that sudo command with permissions of privileged user account (root)). Acknowledgements: Red Hat would like to thank Markus Wuethrich of Swiss Post - PostFinance for reporting this issue.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sudo | =1.7.2p4 | |
| Sudo | =1.7.0 | |
| Sudo | =1.7.4p2 | |
| Sudo | =1.7.1 | |
| Sudo | =1.7.2p2 | |
| Sudo | =1.7.2p7 | |
| Sudo | =1.7.2 | |
| Sudo | =1.7.4 | |
| Sudo | =1.7.4p3 | |
| Sudo | =1.7.3b1 | |
| Sudo | =1.7.2p1 | |
| Sudo | =1.7.2p3 | |
| Sudo | =1.7.2p5 | |
| Sudo | =1.7.4p1 | |
| Sudo | =1.7.2p6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=441964&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=441964&action=edit
- https://access.redhat.com/security/cve/CVE-2010-2956
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=628628#c0
- http://seclists.org/fulldisclosure/2010/Sep/89
- http://www.sudo.ws/sudo/alerts/runas_group.html
- https://rhn.redhat.com/errata/RHSA-2010-0675.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=630957
- https://bugzilla.redhat.com/show_bug.cgi?id=628628
- http://www.ubuntu.com/usn/USN-983-1
- http://secunia.com/advisories/41316
- http://security.gentoo.org/glsa/glsa-201009-03.xml
- http://www.redhat.com/support/errata/RHSA-2010-0675.html
- http://secunia.com/advisories/40508
- http://www.vupen.com/english/advisories/2010/2318
- http://www.vupen.com/english/advisories/2010/2312
- http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047516.html
- http://www.securityfocus.com/bid/43019
- http://www.vupen.com/english/advisories/2010/2358
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:175
- http://www.vupen.com/english/advisories/2010/2320
- http://www.securitytracker.com/id?1024392
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
- http://www.vmware.com/security/advisories/VMSA-2011-0001.html
- http://www.vupen.com/english/advisories/2011/0025
- http://secunia.com/advisories/42787
- http://wiki.rpath.com/Advisories:rPSA-2010-0075
- http://www.securityfocus.com/archive/1/515545/100/0/threaded
- http://www.securityfocus.com/archive/1/514489/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2010-2956?
CVE-2010-2956 has been classified as a medium severity vulnerability.
How do I fix CVE-2010-2956?
To mitigate CVE-2010-2956, update your Sudo installation to the latest version that addresses this vulnerability.
Which versions of Sudo are affected by CVE-2010-2956?
CVE-2010-2956 affects Sudo versions 1.7.0, 1.7.1, 1.7.2, and 1.7.4 up to specific patch levels.
What type of attack does CVE-2010-2956 allow?
CVE-2010-2956 allows a local, unprivileged user to escalate privileges by exploiting misconfigured sudoers rules.
Is there a workaround for CVE-2010-2956?
As a temporary workaround for CVE-2010-2956, consider reviewing and restricting sudo permissions for unprivileged users.
- collector/redhat-bugzilla
- alias/CVE-2010-2956
- agent/type
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- agent/weakness
- agent/author
- agent/references
- agent/severity
- agent/tags
- agent/description
- agent/event
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/todd miller
- canonical/sudo
- version/sudo/1.7.2p4
- version/sudo/1.7.0
- version/sudo/1.7.4p2
- version/sudo/1.7.1
- version/sudo/1.7.2p2
- version/sudo/1.7.2p7
- version/sudo/1.7.2
- version/sudo/1.7.4
- version/sudo/1.7.4p3
- version/sudo/1.7.3b1
- version/sudo/1.7.2p1
- version/sudo/1.7.2p3
- version/sudo/1.7.2p5
- version/sudo/1.7.4p1
- version/sudo/1.7.2p6