Vulnerability-Lookup

CVE-2010-2956 (GCVE-0-2010-2956)

Vulnerability from cvelistv5 – Published: 2010-09-10 18:00 – Updated: 2024-08-07 02:55

Summary

Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://www.vupen.com/english/advisories/2010/2312	vdb-entryx_refsource_VUPEN
	https://bugzilla.redhat.com/show_bug.cgi?id=628628	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2010/2318	vdb-entryx_refsource_VUPEN
	http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.vupen.com/english/advisories/2010/2320	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/archive/1/514489/100…	mailing-listx_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2010/2358	vdb-entryx_refsource_VUPEN
	http://www.sudo.ws/sudo/alerts/runas_group.html	x_refsource_CONFIRM
	http://wiki.rpath.com/Advisories:rPSA-2010-0075	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://security.gentoo.org/glsa/glsa-201009-03.xml	vendor-advisoryx_refsource_GENTOO
	http://www.securityfocus.com/archive/1/515545/100…	mailing-listx_refsource_BUGTRAQ
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.securityfocus.com/bid/43019	vdb-entryx_refsource_BID
	http://www.redhat.com/support/errata/RHSA-2010-06…	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/40508	third-party-advisoryx_refsource_SECUNIA
	http://www.securitytracker.com/id?1024392	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/42787	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2011/0025	vdb-entryx_refsource_VUPEN
	http://www.ubuntu.com/usn/USN-983-1	vendor-advisoryx_refsource_UBUNTU
	http://secunia.com/advisories/41316	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:55:46.374Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2010-2312",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2312"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=628628"
          },
          {
            "name": "ADV-2010-2318",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2318"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0001.html"
          },
          {
            "name": "MDVSA-2010:175",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:175"
          },
          {
            "name": "ADV-2010-2320",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2320"
          },
          {
            "name": "20101027 rPSA-2010-0075-1 sudo",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/514489/100/0/threaded"
          },
          {
            "name": "ADV-2010-2358",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2358"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.sudo.ws/sudo/alerts/runas_group.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0075"
          },
          {
            "name": "FEDORA-2010-14355",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047516.html"
          },
          {
            "name": "GLSA-201009-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201009-03.xml"
          },
          {
            "name": "20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/515545/100/0/threaded"
          },
          {
            "name": "SUSE-SR:2010:017",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
          },
          {
            "name": "43019",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/43019"
          },
          {
            "name": "RHSA-2010:0675",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0675.html"
          },
          {
            "name": "40508",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40508"
          },
          {
            "name": "1024392",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024392"
          },
          {
            "name": "42787",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42787"
          },
          {
            "name": "ADV-2011-0025",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0025"
          },
          {
            "name": "USN-983-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-983-1"
          },
          {
            "name": "41316",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41316"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-09-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a \"-u root\" sequence."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "ADV-2010-2312",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2312"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=628628"
        },
        {
          "name": "ADV-2010-2318",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2318"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2011-0001.html"
        },
        {
          "name": "MDVSA-2010:175",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:175"
        },
        {
          "name": "ADV-2010-2320",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2320"
        },
        {
          "name": "20101027 rPSA-2010-0075-1 sudo",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/514489/100/0/threaded"
        },
        {
          "name": "ADV-2010-2358",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2358"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.sudo.ws/sudo/alerts/runas_group.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0075"
        },
        {
          "name": "FEDORA-2010-14355",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047516.html"
        },
        {
          "name": "GLSA-201009-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201009-03.xml"
        },
        {
          "name": "20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/515545/100/0/threaded"
        },
        {
          "name": "SUSE-SR:2010:017",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
        },
        {
          "name": "43019",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/43019"
        },
        {
          "name": "RHSA-2010:0675",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0675.html"
        },
        {
          "name": "40508",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40508"
        },
        {
          "name": "1024392",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024392"
        },
        {
          "name": "42787",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42787"
        },
        {
          "name": "ADV-2011-0025",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0025"
        },
        {
          "name": "USN-983-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-983-1"
        },
        {
          "name": "41316",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41316"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-2956",
    "datePublished": "2010-09-10T18:00:00.000Z",
    "dateReserved": "2010-08-04T00:00:00.000Z",
    "dateUpdated": "2024-08-07T02:55:46.374Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GSD-2010-2956

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2010-2956

Aliases

CVE-2010-2956

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-2956",
    "description": "Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a \"-u root\" sequence.",
    "id": "GSD-2010-2956",
    "references": [
      "https://www.suse.com/security/cve/CVE-2010-2956.html",
      "https://access.redhat.com/errata/RHSA-2010:0675",
      "https://linux.oracle.com/cve/CVE-2010-2956.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-2956"
      ],
      "details": "Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a \"-u root\" sequence.",
      "id": "GSD-2010-2956",
      "modified": "2023-12-13T01:21:31.661280Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2010-2956",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a \"-u root\" sequence."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047516.html",
            "refsource": "MISC",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047516.html"
          },
          {
            "name": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
          },
          {
            "name": "http://secunia.com/advisories/40508",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/40508"
          },
          {
            "name": "http://secunia.com/advisories/41316",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/41316"
          },
          {
            "name": "http://secunia.com/advisories/42787",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/42787"
          },
          {
            "name": "http://security.gentoo.org/glsa/glsa-201009-03.xml",
            "refsource": "MISC",
            "url": "http://security.gentoo.org/glsa/glsa-201009-03.xml"
          },
          {
            "name": "http://wiki.rpath.com/Advisories:rPSA-2010-0075",
            "refsource": "MISC",
            "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0075"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:175",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:175"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2010-0675.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0675.html"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/514489/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/514489/100/0/threaded"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/515545/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/515545/100/0/threaded"
          },
          {
            "name": "http://www.securityfocus.com/bid/43019",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/43019"
          },
          {
            "name": "http://www.securitytracker.com/id?1024392",
            "refsource": "MISC",
            "url": "http://www.securitytracker.com/id?1024392"
          },
          {
            "name": "http://www.sudo.ws/sudo/alerts/runas_group.html",
            "refsource": "MISC",
            "url": "http://www.sudo.ws/sudo/alerts/runas_group.html"
          },
          {
            "name": "http://www.ubuntu.com/usn/USN-983-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/USN-983-1"
          },
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2011-0001.html",
            "refsource": "MISC",
            "url": "http://www.vmware.com/security/advisories/VMSA-2011-0001.html"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2010/2312",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2010/2312"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2010/2318",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2010/2318"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2010/2320",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2010/2320"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2010/2358",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2010/2358"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2011/0025",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2011/0025"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=628628",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=628628"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.7.2p5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.7.2p6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.7.2p1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.7.4p1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.7.2p3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.7.3b1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.7.2p7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.7.4p3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.7.4p2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.7.2p2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.7.2p4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2010-2956"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a \"-u root\" sequence."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-983-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-983-1"
            },
            {
              "name": "http://www.sudo.ws/sudo/alerts/runas_group.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.sudo.ws/sudo/alerts/runas_group.html"
            },
            {
              "name": "41316",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/41316"
            },
            {
              "name": "GLSA-201009-03",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-201009-03.xml"
            },
            {
              "name": "RHSA-2010:0675",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0675.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=628628",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=628628"
            },
            {
              "name": "40508",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/40508"
            },
            {
              "name": "ADV-2010-2318",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2010/2318"
            },
            {
              "name": "ADV-2010-2312",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2010/2312"
            },
            {
              "name": "FEDORA-2010-14355",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047516.html"
            },
            {
              "name": "43019",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/43019"
            },
            {
              "name": "ADV-2010-2358",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2010/2358"
            },
            {
              "name": "MDVSA-2010:175",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:175"
            },
            {
              "name": "ADV-2010-2320",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2010/2320"
            },
            {
              "name": "1024392",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1024392"
            },
            {
              "name": "SUSE-SR:2010:017",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2011-0001.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.vmware.com/security/advisories/VMSA-2011-0001.html"
            },
            {
              "name": "ADV-2011-0025",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2011/0025"
            },
            {
              "name": "42787",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/42787"
            },
            {
              "name": "http://wiki.rpath.com/Advisories:rPSA-2010-0075",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0075"
            },
            {
              "name": "20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/515545/100/0/threaded"
            },
            {
              "name": "20101027 rPSA-2010-0075-1 sudo",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/514489/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 1.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-10T20:00Z",
      "publishedDate": "2010-09-10T19:00Z"
    }
  }
}

FKIE_CVE-2010-2956

Vulnerability from fkie_nvd - Published: 2010-09-10 19:00 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047516.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
secalert@redhat.com	http://secunia.com/advisories/40508	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/41316	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/42787
secalert@redhat.com	http://security.gentoo.org/glsa/glsa-201009-03.xml
secalert@redhat.com	http://wiki.rpath.com/Advisories:rPSA-2010-0075
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2010:175
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2010-0675.html
secalert@redhat.com	http://www.securityfocus.com/archive/1/514489/100/0/threaded
secalert@redhat.com	http://www.securityfocus.com/archive/1/515545/100/0/threaded
secalert@redhat.com	http://www.securityfocus.com/bid/43019
secalert@redhat.com	http://www.securitytracker.com/id?1024392
secalert@redhat.com	http://www.sudo.ws/sudo/alerts/runas_group.html	Vendor Advisory
secalert@redhat.com	http://www.ubuntu.com/usn/USN-983-1
secalert@redhat.com	http://www.vmware.com/security/advisories/VMSA-2011-0001.html
secalert@redhat.com	http://www.vupen.com/english/advisories/2010/2312
secalert@redhat.com	http://www.vupen.com/english/advisories/2010/2318
secalert@redhat.com	http://www.vupen.com/english/advisories/2010/2320
secalert@redhat.com	http://www.vupen.com/english/advisories/2010/2358
secalert@redhat.com	http://www.vupen.com/english/advisories/2011/0025
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=628628
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047516.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/40508	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/41316	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42787
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-201009-03.xml
af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/Advisories:rPSA-2010-0075
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2010:175
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2010-0675.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/514489/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/515545/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/43019
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1024392
af854a3a-2127-422b-91ae-364da2661108	http://www.sudo.ws/sudo/alerts/runas_group.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-983-1
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2011-0001.html
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/2312
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/2318
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/2320
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/2358
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0025
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=628628

Impacted products

Vendor	Product	Version
todd_miller	sudo	1.7.0
todd_miller	sudo	1.7.1
todd_miller	sudo	1.7.2
todd_miller	sudo	1.7.2p1
todd_miller	sudo	1.7.2p2
todd_miller	sudo	1.7.2p3
todd_miller	sudo	1.7.2p4
todd_miller	sudo	1.7.2p5
todd_miller	sudo	1.7.2p6
todd_miller	sudo	1.7.2p7
todd_miller	sudo	1.7.3b1
todd_miller	sudo	1.7.4
todd_miller	sudo	1.7.4p1
todd_miller	sudo	1.7.4p2
todd_miller	sudo	1.7.4p3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "643ABD1F-83E1-4B71-AA59-8CF8B4018A46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8967DE4C-3D41-4BCE-97B0-469FCFBCE332",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C0D8CB9-3156-4F7F-A616-59EF530540D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2C91B0A-44B6-4B33-A0ED-295C56D97546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "07945224-A955-4A33-B54B-11D128FCA0F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p3:*:*:*:*:*:*:*",
              "matchCriteriaId": "41F70C45-9522-4F49-A5B9-62E03410F03E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEAE0BA2-D9AC-40A3-A4DC-1E33DEE7200C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FEF4FBB-E045-43CE-A9F9-3FF7F9FE3400",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p6:*:*:*:*:*:*:*",
              "matchCriteriaId": "68372F8A-9AFD-45DE-A9B8-4CDF3154E349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p7:*:*:*:*:*:*:*",
              "matchCriteriaId": "77DC6C6B-4585-401D-B02E-E70E6157DBC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.3b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55788B87-B41B-43F4-BA54-5208A4233500",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "837DD56D-267D-4AAA-9DB3-4B42FAE6E10C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "444B3D9E-51F6-4CED-9265-576DBDE40897",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FB7063-441C-445B-9C2E-BF92C8F3F43D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D4170A7-4824-4108-A8CA-988F0E3F3747",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a \"-u root\" sequence."
    },
    {
      "lang": "es",
      "value": "Sudo v1.7.0 hasta v1.7.4p3, cuando el grupo Runas est\u00e1 configurado, no gestiona de forma adecuada el uso de la opci\u00f3n -u junto a la opci\u00f3n -g, lo que permite a usuarios locales obtener privilegios a trav\u00e9s de una l\u00ednea de comandos que contenga una secuencia \"-u root\"."
    }
  ],
  "id": "CVE-2010-2956",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 1.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-09-10T19:00:02.830",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047516.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40508"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/41316"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/42787"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-201009-03.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0075"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:175"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0675.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/514489/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/515545/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/43019"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1024392"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.sudo.ws/sudo/alerts/runas_group.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-983-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0001.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/2312"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/2318"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/2320"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/2358"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2011/0025"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=628628"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047516.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40508"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/41316"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42787"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201009-03.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0075"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:175"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0675.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/514489/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/515545/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/43019"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1024392"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.sudo.ws/sudo/alerts/runas_group.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-983-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/2312"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/2318"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/2320"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/2358"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0025"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=628628"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2014-AVI-480

Vulnerability from certfr_avis - Published: 2014-11-13 - Updated: 2014-11-13

De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	N/A	CTPOS versions antérieures à 6.6R2
ESET	Security	Juniper Security Threat Response Manager versions 2012.1, 2013.1, 2013.2
Juniper Networks	N/A	CTPView versions 4.2, 4.3, 4.4, 4.5, 4.6
Juniper Networks	Junos Space	Junos Space jusqu'à la version 13.3
Juniper Networks	Secure Analytics	Juniper Secure Analytics versions 2013.2, 2014.1, 2014.2
ESET	Security	Network and Security Manager (NSM) version 2012.2

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10661 du 11 novembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10657 du 11 novembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10658 du 11 novembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10659 du 11 novembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10660 du 11 novembre 2014	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "CTPOS versions ant\u00e9rieures \u00e0 6.6R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Security Threat Response Manager versions 2012.1, 2013.1, 2013.2",
      "product": {
        "name": "Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "CTPView versions 4.2, 4.3, 4.4, 4.5, 4.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Space jusqu\u0027\u00e0 la version 13.3",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Secure Analytics versions 2013.2, 2014.1, 2014.2",
      "product": {
        "name": "Secure Analytics",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Network and Security Manager (NSM) version 2012.2",
      "product": {
        "name": "Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-3158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3158"
    },
    {
      "name": "CVE-2010-3853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3853"
    },
    {
      "name": "CVE-2014-0075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0075"
    },
    {
      "name": "CVE-2010-3081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3081"
    },
    {
      "name": "CVE-2012-0789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0789"
    },
    {
      "name": "CVE-2012-2329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2329"
    },
    {
      "name": "CVE-2014-0460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0460"
    },
    {
      "name": "CVE-2011-4609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4609"
    },
    {
      "name": "CVE-2011-0421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0421"
    },
    {
      "name": "CVE-2012-0781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0781"
    },
    {
      "name": "CVE-2014-4827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4827"
    },
    {
      "name": "CVE-2013-1635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1635"
    },
    {
      "name": "CVE-2011-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0216"
    },
    {
      "name": "CVE-2013-1620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1620"
    },
    {
      "name": "CVE-2014-0119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0119"
    },
    {
      "name": "CVE-2012-2110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
    },
    {
      "name": "CVE-2014-7186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7186"
    },
    {
      "name": "CVE-2009-2416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2416"
    },
    {
      "name": "CVE-2012-0788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0788"
    },
    {
      "name": "CVE-2010-4755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4755"
    },
    {
      "name": "CVE-2013-1775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1775"
    },
    {
      "name": "CVE-2009-5029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-5029"
    },
    {
      "name": "CVE-2011-1153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1153"
    },
    {
      "name": "CVE-2009-3563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3563"
    },
    {
      "name": "CVE-2014-0411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0411"
    },
    {
      "name": "CVE-2013-1643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1643"
    },
    {
      "name": "CVE-2013-0791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0791"
    },
    {
      "name": "CVE-2010-1646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1646"
    },
    {
      "name": "CVE-2014-7169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7169"
    },
    {
      "name": "CVE-2011-1944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1944"
    },
    {
      "name": "CVE-2014-0099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0099"
    },
    {
      "name": "CVE-2011-0010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0010"
    },
    {
      "name": "CVE-2011-1398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1398"
    },
    {
      "name": "CVE-2011-2834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2834"
    },
    {
      "name": "CVE-2014-4825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4825"
    },
    {
      "name": "CVE-2010-4707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4707"
    },
    {
      "name": "CVE-2012-0882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0882"
    },
    {
      "name": "CVE-2009-0159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0159"
    },
    {
      "name": "CVE-2014-0453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0453"
    },
    {
      "name": "CVE-2011-0708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0708"
    },
    {
      "name": "CVE-2014-6271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6271"
    },
    {
      "name": "CVE-2014-6277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6277"
    },
    {
      "name": "CVE-2014-1568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1568"
    },
    {
      "name": "CVE-2010-0830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0830"
    },
    {
      "name": "CVE-2010-0426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0426"
    },
    {
      "name": "CVE-2014-0423",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0423"
    },
    {
      "name": "CVE-2012-2311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2311"
    },
    {
      "name": "CVE-2014-0224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0224"
    },
    {
      "name": "CVE-2014-4830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4830"
    },
    {
      "name": "CVE-2011-3368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3368"
    },
    {
      "name": "CVE-2014-2532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2532"
    },
    {
      "name": "CVE-2014-4828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4828"
    },
    {
      "name": "CVE-2014-0095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0095"
    },
    {
      "name": "CVE-2010-0427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0427"
    },
    {
      "name": "CVE-2014-3470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3470"
    },
    {
      "name": "CVE-2014-3062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3062"
    },
    {
      "name": "CVE-2012-0831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0831"
    },
    {
      "name": "CVE-2009-2414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
    },
    {
      "name": "CVE-2012-0057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0057"
    },
    {
      "name": "CVE-2014-7187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7187"
    },
    {
      "name": "CVE-2010-2956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2956"
    },
    {
      "name": "CVE-2011-3905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3905"
    },
    {
      "name": "CVE-2014-4833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4833"
    },
    {
      "name": "CVE-2011-4566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4566"
    },
    {
      "name": "CVE-2014-0837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0837"
    },
    {
      "name": "CVE-2010-4008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4008"
    },
    {
      "name": "CVE-2014-6278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6278"
    },
    {
      "name": "CVE-2012-1172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1172"
    },
    {
      "name": "CVE-2014-0076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0076"
    },
    {
      "name": "CVE-2010-1163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1163"
    },
    {
      "name": "CVE-2011-4317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4317"
    },
    {
      "name": "CVE-2011-4885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4885"
    },
    {
      "name": "CVE-2010-5107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-5107"
    },
    {
      "name": "CVE-2009-1265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1265"
    },
    {
      "name": "CVE-2010-3316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3316"
    },
    {
      "name": "CVE-2012-3510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3510"
    },
    {
      "name": "CVE-2011-5000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-5000"
    },
    {
      "name": "CVE-2010-3435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3435"
    },
    {
      "name": "CVE-2011-3919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3919"
    },
    {
      "name": "CVE-2012-2337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2337"
    },
    {
      "name": "CVE-2011-1089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1089"
    },
    {
      "name": "CVE-2014-0096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0096"
    },
    {
      "name": "CVE-2013-5908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5908"
    },
    {
      "name": "CVE-2014-3091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3091"
    },
    {
      "name": "CVE-2012-2131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2131"
    }
  ],
  "initial_release_date": "2014-11-13T00:00:00",
  "last_revision_date": "2014-11-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2014-AVI-480",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-11-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une\nex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10661 du 11 novembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10661"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10657 du 11 novembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10657"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10658 du 11 novembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10658"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10659 du 11 novembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10659"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10660 du 11 novembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10660"
    }
  ]
}

GHSA-88QQ-68FM-2RXX

Vulnerability from github – Published: 2022-05-14 02:43 – Updated: 2022-05-14 02:43

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-2956"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-09-10T19:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a \"-u root\" sequence.",
  "id": "GHSA-88qq-68fm-2rxx",
  "modified": "2022-05-14T02:43:42Z",
  "published": "2022-05-14T02:43:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2956"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=628628"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047516.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/40508"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/41316"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/42787"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-201009-03.xml"
    },
    {
      "type": "WEB",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0075"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:175"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0675.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/514489/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/515545/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/43019"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1024392"
    },
    {
      "type": "WEB",
      "url": "http://www.sudo.ws/sudo/alerts/runas_group.html"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-983-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0001.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/2312"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/2318"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/2320"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/2358"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2011/0025"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-2956 (GCVE-0-2010-2956)

GSD-2010-2956

FKIE_CVE-2010-2956

CERTFR-2014-AVI-480

Solution

GHSA-88QQ-68FM-2RXX

Tags

Sightings

Nomenclature