Computer Security
[EN] securityvulns.ru no-pyccku


sudo privilege escalation
Published:12.09.2010
Source:
SecurityVulns ID:11134
Type:local
Threat Level:
5/10
Description:Under some conditions, user can execute arbitrary code as root if sudo was configured to allow the attacker to use a program as a group when the attacker was not a part of that group
Affected:SUDO : sudo 1.7
CVE:CVE-2010-2956 (Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence.)
Original documentdocumentUBUNTU, [USN-983-1] Sudo vulnerability (12.09.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod