CVE-2010-0427

NONE EPSS 36.8%
Published Feb 25, 2010 (16y ago) · Modified Jun 16, 2026 (2w ago)

Description

sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.

Threat Intelligence

EPSS Exploit Probability
36.8% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-264

Affected Products 28

Vendor       Product  Version     Range
todd_miller  sudo     1.6         any
todd_miller  sudo     1.6.1       any
todd_miller  sudo     1.6.2       any
todd_miller  sudo     1.6.3       any
todd_miller  sudo     1.6.3_p1    any
todd_miller  sudo     1.6.3_p2    any
todd_miller  sudo     1.6.3_p3    any
todd_miller  sudo     1.6.3_p4    any
todd_miller  sudo     1.6.3_p5    any
todd_miller  sudo     1.6.3_p6    any
todd_miller  sudo     1.6.3_p7    any
todd_miller  sudo     1.6.4_p1    any
todd_miller  sudo     1.6.4_p2    any
todd_miller  sudo     1.6.5       any
todd_miller  sudo     1.6.5_p1    any
todd_miller  sudo     1.6.5_p2    any
todd_miller  sudo     1.6.6       any
todd_miller  sudo     1.6.7       any
todd_miller  sudo     1.6.7_p5    any
todd_miller  sudo     1.6.8       any
todd_miller  sudo     1.6.8_p1    any
todd_miller  sudo     1.6.8_p5    any
todd_miller  sudo     1.6.8_p8    any
todd_miller  sudo     1.6.8_p9    any
todd_miller  sudo     1.6.8_p12   any
todd_miller  sudo     1.6.9_p17   any
todd_miller  sudo     1.6.9_p18   any
todd_miller  sudo     1.6.9_p19   any

References 21

  • ftp.sudo.ws ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz
    Patch
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
  • secunia.com http://secunia.com/advisories/38762
  • secunia.com http://secunia.com/advisories/38795
  • secunia.com http://secunia.com/advisories/38803
  • secunia.com http://secunia.com/advisories/38915
  • securitytracker.com http://securitytracker.com/id?1023658
  • sudo.ws http://sudo.ws/repos/sudo/rev/aa0b6c01c462
  • wiki.rpath.com http://wiki.rpath.com/Advisories:rPSA-2010-0075
  • debian.org http://www.debian.org/security/2010/dsa-2006
  • gentoo.org http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml
  • gratisoft.us http://www.gratisoft.us/bugzilla/attachment.cgi?id=255
    Exploit
  • gratisoft.us http://www.gratisoft.us/bugzilla/show_bug.cgi?id=349
  • openwall.com http://www.openwall.com/lists/oss-security/2010/02/23/4
  • openwall.com http://www.openwall.com/lists/oss-security/2010/02/24/5
  • securityfocus.com http://www.securityfocus.com/archive/1/514489/100/0/threaded
  • sudo.ws http://www.sudo.ws/cgi-bin/cvsweb/sudo/set_perms.c.diff?r1=1.30.2.7&r2=1.30.2.8
  • ubuntu.com http://www.ubuntu.com/usn/USN-905-1
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=567622
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10946
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7216

Remediation

  • ftp.sudo.ws ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz
    Patch