Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2010-09-10T18:00:00

Updated: 2024-08-07T02:55:46.374Z

Reserved: 2010-08-04T00:00:00

Link: CVE-2010-2956

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2010-09-10T19:00:02.830

Modified: 2024-11-21T01:17:43.877

Link: CVE-2010-2956

cve-icon Redhat

Severity : Important

Publid Date: 2010-09-07T00:00:00Z

Links: CVE-2010-2956 - Bugzilla