Executive Summary

Informations
Name CVE-2010-0427 First vendor Publication 2010-02-25
Vendor Cve Last vendor Modification 2018-10-10

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score 4.4 Attack Range Local
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Expoit Score 3.4 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0427

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10946
 
Oval ID: oval:org.mitre.oval:def:10946
Title: sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.
Description: sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0427
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12380
 
Oval ID: oval:org.mitre.oval:def:12380
Title: USN-905-1 -- sudo vulnerabilities
Description: It was discovered that sudo did not properly validate the path for the "sudoedit" pseudo-command. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. The sudoedit pseudo-command is not used in the default installation of Ubuntu. It was discovered that sudo did not reset group permissions when the "runas_default" configuration option was used. A local attacker could exploit this to escalate group privileges if sudo was configured to allow the attacker to run commands under the runas_default account. The runas_default configuration option is not used in the default installation of Ubuntu. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04
Family: unix Class: patch
Reference(s): USN-905-1
CVE-2010-0426
CVE-2010-0427
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 8.10
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
Product(s): sudo
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18169
 
Oval ID: oval:org.mitre.oval:def:18169
Title: DSA-2006-1 sudo - several vulnerabilities
Description: Several vulnerabilities have been discovered in sudo, a program designed to allow a sysadmin to give limited root privileges to users.
Family: unix Class: patch
Reference(s): DSA-2006-1
CVE-2010-0426
CVE-2010-0427
Version: 7
Platform(s): Debian GNU/Linux 5.0
Product(s): sudo
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22119
 
Oval ID: oval:org.mitre.oval:def:22119
Title: RHSA-2010:0122: sudo security update (Important)
Description: sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.
Family: unix Class: patch
Reference(s): RHSA-2010:0122-01
CESA-2010:0122
CVE-2010-0426
CVE-2010-0427
Version: 29
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): sudo
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23056
 
Oval ID: oval:org.mitre.oval:def:23056
Title: ELSA-2010:0122: sudo security update (Important)
Description: sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.
Family: unix Class: patch
Reference(s): ELSA-2010:0122-01
CVE-2010-0426
CVE-2010-0427
Version: 13
Platform(s): Oracle Linux 5
Product(s): sudo
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28287
 
Oval ID: oval:org.mitre.oval:def:28287
Title: DEPRECATED: ELSA-2010-0122 -- sudo security update (important)
Description: [1.6.9p17-6] - added patches for CVE-2010-0426 and CVE-2010-0427 Resolves: #567689
Family: unix Class: patch
Reference(s): ELSA-2010-0122
CVE-2010-0426
CVE-2010-0427
Version: 4
Platform(s): Oracle Linux 5
Product(s): sudo
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7216
 
Oval ID: oval:org.mitre.oval:def:7216
Title: Sudo 'runas_default' Local Privilege Escalation Vulnerability
Description: sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0427
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 28

OpenVAS Exploits

Date Description
2012-04-16 Name : VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates
File : nvt/gb_VMSA-2010-0009.nasl
2011-08-09 Name : CentOS Update for sudo CESA-2010:0122 centos5 i386
File : nvt/gb_CESA-2010_0122_sudo_centos5_i386.nasl
2010-03-16 Name : Gentoo Security Advisory GLSA 201003-01 (sudo)
File : nvt/glsa_201003_01.nasl
2010-03-12 Name : Mandriva Update for sudo MDVSA-2010:052 (sudo)
File : nvt/gb_mandriva_MDVSA_2010_052.nasl
2010-03-02 Name : RedHat Update for sudo RHSA-2010:0122-01
File : nvt/gb_RHSA-2010_0122-01_sudo.nasl
2010-03-02 Name : Ubuntu Update for sudo vulnerabilities USN-905-1
File : nvt/gb_ubuntu_USN_905_1.nasl
2010-02-15 Name : Mandriva Update for microcode_ctl MDVA-2010:052 (microcode_ctl)
File : nvt/gb_mandriva_MDVA_2010_052.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
62657 sudo runas_default Option Group Membership Local Privilege Escalation

Nessus® Vulnerability Scanner

Date Description
2016-03-08 Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_VMSA-2010-0009_remote.nasl - Type : ACT_GATHER_INFO
2014-11-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0476.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2010-0122.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20100226_sudo_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2010-06-01 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2010-0009.nasl - Type : ACT_GATHER_INFO
2010-03-09 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_sudo-100301.nasl - Type : ACT_GATHER_INFO
2010-03-09 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_sudo-100301.nasl - Type : ACT_GATHER_INFO
2010-03-09 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_sudo-100301.nasl - Type : ACT_GATHER_INFO
2010-03-09 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_sudo-100301.nasl - Type : ACT_GATHER_INFO
2010-03-04 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2006.nasl - Type : ACT_GATHER_INFO
2010-03-04 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201003-01.nasl - Type : ACT_GATHER_INFO
2010-03-02 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2010-0122.nasl - Type : ACT_GATHER_INFO
2010-03-02 Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2010-052.nasl - Type : ACT_GATHER_INFO
2010-03-01 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0122.nasl - Type : ACT_GATHER_INFO
2010-03-01 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-905-1.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BUGTRAQ http://www.securityfocus.com/archive/1/514489/100/0/threaded
CONFIRM ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz
http://sudo.ws/repos/sudo/rev/aa0b6c01c462
http://wiki.rpath.com/Advisories:rPSA-2010-0075
http://www.gratisoft.us/bugzilla/attachment.cgi?id=255
http://www.gratisoft.us/bugzilla/show_bug.cgi?id=349
http://www.sudo.ws/cgi-bin/cvsweb/sudo/set_perms.c.diff?r1=1.30.2.7&r2=1....
https://bugzilla.redhat.com/show_bug.cgi?id=567622
DEBIAN http://www.debian.org/security/2010/dsa-2006
GENTOO http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml
MLIST http://www.openwall.com/lists/oss-security/2010/02/23/4
http://www.openwall.com/lists/oss-security/2010/02/24/5
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
SECTRACK http://securitytracker.com/id?1023658
SECUNIA http://secunia.com/advisories/38762
http://secunia.com/advisories/38795
http://secunia.com/advisories/38803
http://secunia.com/advisories/38915
SUSE http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
UBUNTU http://www.ubuntu.com/usn/USN-905-1

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
Date Informations
2021-05-04 12:11:06
  • Multiple Updates
2021-04-22 01:11:39
  • Multiple Updates
2020-05-23 00:25:14
  • Multiple Updates
2018-10-11 00:19:47
  • Multiple Updates
2017-09-19 09:23:38
  • Multiple Updates
2016-04-26 19:33:35
  • Multiple Updates
2016-03-09 13:25:54
  • Multiple Updates
2014-11-18 13:25:36
  • Multiple Updates
2014-02-17 10:53:42
  • Multiple Updates
2013-05-10 23:17:32
  • Multiple Updates