CVE-2010-2956

EPSS 0.08%

Published: 9/10/2010Modified: 4/28/2026

Description

Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence.

Affected packages (1)

Debian/sudofrom 0, < 1.7.4p4-1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2010-2956