Your submission was sent successfully! Close

CVE-2010-2956

Published: 31 August 2010

Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence.

Notes

AuthorNote
jdstrand
root escalation, but requires non-standard sudoers setup
sudo 1.6 is not affected (does not have '-g' option)
Priority

Medium

Status

Package Release Status
sudo
Launchpad, Ubuntu, Debian
dapper Not vulnerable

hardy Not vulnerable

jaunty Not vulnerable

karmic
Released (1.7.0-1ubuntu2.5)
lucid
Released (1.7.2p1-1ubuntu5.2)
upstream Pending
(1.7.4p4)