Vulnerability-Lookup

CVE-2010-0427 (GCVE-0-2010-0427)

Vulnerability from cvelistv5 – Published: 2010-02-25 19:00 – Updated: 2024-08-07 00:45

Summary

sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

FKIE_CVE-2010-0427

Vulnerability from fkie_nvd - Published: 2010-02-25 19:30 - Updated: 2025-04-11 00:51

Severity ?

Summary

sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.

References

URL	Tags
secalert@redhat.com	ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz	Patch
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
secalert@redhat.com	http://secunia.com/advisories/38762
secalert@redhat.com	http://secunia.com/advisories/38795
secalert@redhat.com	http://secunia.com/advisories/38803
secalert@redhat.com	http://secunia.com/advisories/38915
secalert@redhat.com	http://securitytracker.com/id?1023658
secalert@redhat.com	http://sudo.ws/repos/sudo/rev/aa0b6c01c462
secalert@redhat.com	http://wiki.rpath.com/Advisories:rPSA-2010-0075
secalert@redhat.com	http://www.debian.org/security/2010/dsa-2006
secalert@redhat.com	http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml
secalert@redhat.com	http://www.gratisoft.us/bugzilla/attachment.cgi?id=255	Exploit
secalert@redhat.com	http://www.gratisoft.us/bugzilla/show_bug.cgi?id=349
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2010/02/23/4
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2010/02/24/5
secalert@redhat.com	http://www.securityfocus.com/archive/1/514489/100/0/threaded
secalert@redhat.com	http://www.sudo.ws/cgi-bin/cvsweb/sudo/set_perms.c.diff?r1=1.30.2.7&r2=1.30.2.8
secalert@redhat.com	http://www.ubuntu.com/usn/USN-905-1
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=567622
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10946
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7216
af854a3a-2127-422b-91ae-364da2661108	ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz	Patch
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38762
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38795
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38803
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38915
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1023658
af854a3a-2127-422b-91ae-364da2661108	http://sudo.ws/repos/sudo/rev/aa0b6c01c462
af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/Advisories:rPSA-2010-0075
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2010/dsa-2006
af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.gratisoft.us/bugzilla/attachment.cgi?id=255	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.gratisoft.us/bugzilla/show_bug.cgi?id=349
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2010/02/23/4
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2010/02/24/5
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/514489/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.sudo.ws/cgi-bin/cvsweb/sudo/set_perms.c.diff?r1=1.30.2.7&r2=1.30.2.8
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-905-1
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=567622
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10946
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7216

Impacted products

Vendor	Product	Version
todd_miller	sudo	1.6
todd_miller	sudo	1.6.1
todd_miller	sudo	1.6.2
todd_miller	sudo	1.6.3
todd_miller	sudo	1.6.3_p1
todd_miller	sudo	1.6.3_p2
todd_miller	sudo	1.6.3_p3
todd_miller	sudo	1.6.3_p4
todd_miller	sudo	1.6.3_p5
todd_miller	sudo	1.6.3_p6
todd_miller	sudo	1.6.3_p7
todd_miller	sudo	1.6.4_p1
todd_miller	sudo	1.6.4_p2
todd_miller	sudo	1.6.5
todd_miller	sudo	1.6.5_p1
todd_miller	sudo	1.6.5_p2
todd_miller	sudo	1.6.6
todd_miller	sudo	1.6.7
todd_miller	sudo	1.6.7_p5
todd_miller	sudo	1.6.8
todd_miller	sudo	1.6.8_p1
todd_miller	sudo	1.6.8_p5
todd_miller	sudo	1.6.8_p8
todd_miller	sudo	1.6.8_p9
todd_miller	sudo	1.6.8_p12
todd_miller	sudo	1.6.9_p17
todd_miller	sudo	1.6.9_p18
todd_miller	sudo	1.6.9_p19

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "976B5923-1BCC-4DE6-A904-930DD833B937",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5452DF1-0270-452D-90EB-45E9A084B94C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBFD12E6-F92E-4371-ADA7-BCD41E4C9014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "67FDF4FB-06FA-4A10-A3CF-F52169BC8072",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5B29018-B495-482A-8FF7-66821A178F9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "38718561-70C7-4E0D-9313-87A5E82ED338",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D057064A-9B34-4224-97BA-4D5840A92BE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3C297DC-69B1-4BE6-A5EF-D320BD0CA968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F4C1FFB-F6AA-4DED-9C54-DCB274F59A44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p6:*:*:*:*:*:*:*",
              "matchCriteriaId": "338A92AC-92D2-40BF-9FAC-884AF6F74D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*",
              "matchCriteriaId": "26DB5610-03CE-425E-8855-70D5787029FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4_p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5170421-BA0C-4365-9CD6-BD232EA08680",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4_p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5909AAA4-4AF9-4D23-87C5-5D7787909B02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2170CFD0-2594-45FB-B68F-0A75114F00A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.5_p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "03C07744-CAE8-44C6-965E-2A09BAE1F36C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.5_p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B17E0E59-C928-49AB-BAA7-4AE638B376D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "294FC65B-4225-475A-B49A-758823CEDECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6156B085-AA17-458C-AED1-D658275E43B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7_p5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C898BE7-506D-49DA-8619-F86C7A9FE902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6419309-385F-4525-AD4B-C73B1A3ED935",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "51F7E821-2908-47F1-9665-E9D68ECC242F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A79C7098-37D0-4E6E-A22C-3C771D81956F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5688D95-89EF-4D2E-9728-2316CAC3CBE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B69E49B2-1B3C-4434-ACF1-CF4F519E3C32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p12:*:*:*:*:*:*:*",
              "matchCriteriaId": "31B2C299-5D0B-44DA-91FD-4B1146BE9A7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9_p17:*:*:*:*:*:*:*",
              "matchCriteriaId": "471284F9-21EF-4ED6-860F-AB86154CCDF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9_p18:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C91FEB5-CEF5-4C66-A8D2-AE80EA32B10D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9_p19:*:*:*:*:*:*:*",
              "matchCriteriaId": "E106EBA5-14B3-48F7-BE00-9F0ABD57C33B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command."
    },
    {
      "lang": "es",
      "value": "sudo v1.6.x anterior a v1.6.9p21 cuando se utiliza la opci\u00f3n runas_default no establece adecuadamente las pertenencias a grupos, esto permite a usuarios locales aumentar sus privilegios mediante un comando sudo."
    }
  ],
  "id": "CVE-2010-0427",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-02-25T19:30:00.517",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/38762"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/38795"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/38803"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/38915"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securitytracker.com/id?1023658"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sudo.ws/repos/sudo/rev/aa0b6c01c462"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0075"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2010/dsa-2006"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.gratisoft.us/bugzilla/attachment.cgi?id=255"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.gratisoft.us/bugzilla/show_bug.cgi?id=349"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2010/02/23/4"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2010/02/24/5"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/514489/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.sudo.ws/cgi-bin/cvsweb/sudo/set_perms.c.diff?r1=1.30.2.7\u0026r2=1.30.2.8"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-905-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=567622"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10946"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7216"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/38762"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/38795"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/38803"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/38915"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1023658"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sudo.ws/repos/sudo/rev/aa0b6c01c462"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0075"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2010/dsa-2006"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.gratisoft.us/bugzilla/attachment.cgi?id=255"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gratisoft.us/bugzilla/show_bug.cgi?id=349"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2010/02/23/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2010/02/24/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/514489/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.sudo.ws/cgi-bin/cvsweb/sudo/set_perms.c.diff?r1=1.30.2.7\u0026r2=1.30.2.8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-905-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=567622"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10946"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7216"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vendorComments": [
    {
      "comment": "This issue was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2010-0122.html\n\nIt did not affect the versions of the sudo packages as shipped with Red Hat Enterprise Linux 3 and 4.",
      "lastModified": "2010-03-02T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2010-0427

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.

Aliases

CVE-2010-0427

Aliases

CVE-2010-0427

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-0427",
    "description": "sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.",
    "id": "GSD-2010-0427",
    "references": [
      "https://www.suse.com/security/cve/CVE-2010-0427.html",
      "https://www.debian.org/security/2010/dsa-2006",
      "https://access.redhat.com/errata/RHSA-2010:0122",
      "https://linux.oracle.com/cve/CVE-2010-0427.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-0427"
      ],
      "details": "sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.",
      "id": "GSD-2010-0427",
      "modified": "2023-12-13T01:21:28.769257Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2010-0427",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html"
          },
          {
            "name": "http://secunia.com/advisories/38915",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/38915"
          },
          {
            "name": "http://wiki.rpath.com/Advisories:rPSA-2010-0075",
            "refsource": "MISC",
            "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0075"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/514489/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/514489/100/0/threaded"
          },
          {
            "name": "ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz",
            "refsource": "MISC",
            "url": "ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz"
          },
          {
            "name": "http://secunia.com/advisories/38762",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/38762"
          },
          {
            "name": "http://secunia.com/advisories/38795",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/38795"
          },
          {
            "name": "http://secunia.com/advisories/38803",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/38803"
          },
          {
            "name": "http://securitytracker.com/id?1023658",
            "refsource": "MISC",
            "url": "http://securitytracker.com/id?1023658"
          },
          {
            "name": "http://sudo.ws/repos/sudo/rev/aa0b6c01c462",
            "refsource": "MISC",
            "url": "http://sudo.ws/repos/sudo/rev/aa0b6c01c462"
          },
          {
            "name": "http://www.debian.org/security/2010/dsa-2006",
            "refsource": "MISC",
            "url": "http://www.debian.org/security/2010/dsa-2006"
          },
          {
            "name": "http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml",
            "refsource": "MISC",
            "url": "http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml"
          },
          {
            "name": "http://www.gratisoft.us/bugzilla/attachment.cgi?id=255",
            "refsource": "MISC",
            "url": "http://www.gratisoft.us/bugzilla/attachment.cgi?id=255"
          },
          {
            "name": "http://www.gratisoft.us/bugzilla/show_bug.cgi?id=349",
            "refsource": "MISC",
            "url": "http://www.gratisoft.us/bugzilla/show_bug.cgi?id=349"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2010/02/23/4",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2010/02/23/4"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2010/02/24/5",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2010/02/24/5"
          },
          {
            "name": "http://www.sudo.ws/cgi-bin/cvsweb/sudo/set_perms.c.diff?r1=1.30.2.7\u0026r2=1.30.2.8",
            "refsource": "MISC",
            "url": "http://www.sudo.ws/cgi-bin/cvsweb/sudo/set_perms.c.diff?r1=1.30.2.7\u0026r2=1.30.2.8"
          },
          {
            "name": "http://www.ubuntu.com/usn/USN-905-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/USN-905-1"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10946",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10946"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7216",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7216"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=567622",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=567622"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.3_p2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.3_p3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.4_p1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.7_p5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.9_p17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.9_p19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.3_p1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.3_p4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.3_p5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.4_p2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.5_p1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.8_p1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.8_p12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.8_p9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.9_p18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.3_p6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.5_p2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.8_p5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.8_p8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2010-0427"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=567622",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=567622"
            },
            {
              "name": "[oss-security] 20100223 CVE assignment notification -- CVE-2010-0427 -- sudo fails to reset group permissions if runas_default set",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2010/02/23/4"
            },
            {
              "name": "http://sudo.ws/repos/sudo/rev/aa0b6c01c462",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://sudo.ws/repos/sudo/rev/aa0b6c01c462"
            },
            {
              "name": "http://www.gratisoft.us/bugzilla/attachment.cgi?id=255",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.gratisoft.us/bugzilla/attachment.cgi?id=255"
            },
            {
              "name": "[oss-security] 20100224 Re: CVE assignment notification -- CVE-2010-0427 -- sudo fails to reset group permissions if runas_default set",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2010/02/24/5"
            },
            {
              "name": "http://www.gratisoft.us/bugzilla/show_bug.cgi?id=349",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.gratisoft.us/bugzilla/show_bug.cgi?id=349"
            },
            {
              "name": "ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz"
            },
            {
              "name": "http://www.sudo.ws/cgi-bin/cvsweb/sudo/set_perms.c.diff?r1=1.30.2.7\u0026r2=1.30.2.8",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.sudo.ws/cgi-bin/cvsweb/sudo/set_perms.c.diff?r1=1.30.2.7\u0026r2=1.30.2.8"
            },
            {
              "name": "38915",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/38915"
            },
            {
              "name": "SUSE-SR:2010:006",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html"
            },
            {
              "name": "38795",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/38795"
            },
            {
              "name": "USN-905-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-905-1"
            },
            {
              "name": "1023658",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1023658"
            },
            {
              "name": "38803",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/38803"
            },
            {
              "name": "GLSA-201003-01",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml"
            },
            {
              "name": "DSA-2006",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2010/dsa-2006"
            },
            {
              "name": "38762",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/38762"
            },
            {
              "name": "http://wiki.rpath.com/Advisories:rPSA-2010-0075",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0075"
            },
            {
              "name": "oval:org.mitre.oval:def:7216",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7216"
            },
            {
              "name": "oval:org.mitre.oval:def:10946",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10946"
            },
            {
              "name": "20101027 rPSA-2010-0075-1 sudo",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/514489/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-10T19:52Z",
      "publishedDate": "2010-02-25T19:30Z"
    }
  }
}

CERTFR-2014-AVI-480

Vulnerability from certfr_avis - Published: 2014-11-13 - Updated: 2014-11-13

De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	N/A	CTPOS versions antérieures à 6.6R2
ESET	Security	Juniper Security Threat Response Manager versions 2012.1, 2013.1, 2013.2
Juniper Networks	N/A	CTPView versions 4.2, 4.3, 4.4, 4.5, 4.6
Juniper Networks	Junos Space	Junos Space jusqu'à la version 13.3
Juniper Networks	Secure Analytics	Juniper Secure Analytics versions 2013.2, 2014.1, 2014.2
ESET	Security	Network and Security Manager (NSM) version 2012.2

References

Title

Publication Time

GHSA-FVMP-M2WJ-XQP8

Vulnerability from github – Published: 2022-05-03 03:21 – Updated: 2022-05-03 03:21

Details

sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-0427"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-02-25T19:30:00Z",
    "severity": "MODERATE"
  },
  "details": "sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.",
  "id": "GHSA-fvmp-m2wj-xqp8",
  "modified": "2022-05-03T03:21:20Z",
  "published": "2022-05-03T03:21:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0427"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=567622"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10946"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7216"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38762"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38795"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38803"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38915"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1023658"
    },
    {
      "type": "WEB",
      "url": "http://sudo.ws/repos/sudo/rev/aa0b6c01c462"
    },
    {
      "type": "WEB",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0075"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2010/dsa-2006"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.gratisoft.us/bugzilla/attachment.cgi?id=255"
    },
    {
      "type": "WEB",
      "url": "http://www.gratisoft.us/bugzilla/show_bug.cgi?id=349"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2010/02/23/4"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2010/02/24/5"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/514489/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.sudo.ws/cgi-bin/cvsweb/sudo/set_perms.c.diff?r1=1.30.2.7\u0026r2=1.30.2.8"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-905-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-0427 (GCVE-0-2010-0427)

FKIE_CVE-2010-0427

GSD-2010-0427

CERTFR-2014-AVI-480

Solution

GHSA-FVMP-M2WJ-XQP8

Tags

Sightings

Nomenclature