#VU32862 Permissions, Privileges, and Access Controls in Sudo


Published: 2010-02-25 | Updated: 2020-07-28

Vulnerability identifier: #VU32862

Vulnerability risk: Low

CVSSv3.1: 5.2 [CVSS:3.1/CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2010-0427

CWE-ID: CWE-264

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Sudo
Client/Desktop applications / Software for system administration

Vendor: Sudo

Description

The vulnerability allows a local non-authenticated attacker to read and manipulate data.

sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Sudo: 1.6.1 - 1.6.9p20


External links
http:ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
http://secunia.com/advisories/38762
http://secunia.com/advisories/38795
http://secunia.com/advisories/38803
http://secunia.com/advisories/38915
http://securitytracker.com/id?1023658
http://sudo.ws/repos/sudo/rev/aa0b6c01c462
http://wiki.rpath.com/Advisories:rPSA-2010-0075
http://www.debian.org/security/2010/dsa-2006
http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml
http://www.gratisoft.us/bugzilla/attachment.cgi?id=255
http://www.gratisoft.us/bugzilla/show_bug.cgi?id=349
http://www.openwall.com/lists/oss-security/2010/02/23/4
http://www.openwall.com/lists/oss-security/2010/02/24/5
http://www.securityfocus.com/archive/1/514489/100/0/threaded
http://www.sudo.ws/cgi-bin/cvsweb/sudo/set_perms.c.diff?r1=1.30.2.7&r2=1.30.2.8
http://www.ubuntu.com/usn/USN-905-1
http://bugzilla.redhat.com/show_bug.cgi?id=567622
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10946
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7216


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability