CVE-2010-0427 : sudo 1.6.x before 1.6.9p21, when the runas

sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.

Published 2010-02-25 19:30:01

Updated 2025-04-11 00:51:22

Source Red Hat, Inc.

View at NVD, CVE.org

Products affected by CVE-2010-0427

Todd Miller » Sudo » Version: 1.6
cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*
Matching versions
Todd Miller » Sudo » Version: 1.6.3 P4
cpe:2.3:a:todd_miller:sudo:1.6.3_p4:*:*:*:*:*:*:*
Matching versions
Todd Miller » Sudo » Version: 1.6.3 P5
cpe:2.3:a:todd_miller:sudo:1.6.3_p5:*:*:*:*:*:*:*
Matching versions
Todd Miller » Sudo » Version: 1.6.1
cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*
Matching versions
Todd Miller » Sudo » Version: 1.6.2
cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*
Matching versions
Todd Miller » Sudo » Version: 1.6.3 P6
cpe:2.3:a:todd_miller:sudo:1.6.3_p6:*:*:*:*:*:*:*
Matching versions
Todd Miller » Sudo » Version: 1.6.3 P7
cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*
Matching versions
Todd Miller » Sudo » Version: 1.6.3 P2
cpe:2.3:a:todd_miller:sudo:1.6.3_p2:*:*:*:*:*:*:*
Matching versions
Todd Miller » Sudo » Version: 1.6.3 P3
cpe:2.3:a:todd_miller:sudo:1.6.3_p3:*:*:*:*:*:*:*
Matching versions
Todd Miller » Sudo » Version: 1.6.3
cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*
Matching versions
Todd Miller » Sudo » Version: 1.6.3 P1
cpe:2.3:a:todd_miller:sudo:1.6.3_p1:*:*:*:*:*:*:*
Matching versions
Todd Miller » Sudo » Version: 1.6.5 P1
cpe:2.3:a:todd_miller:sudo:1.6.5_p1:*:*:*:*:*:*:*
Matching versions
Todd Miller » Sudo » Version: 1.6.5 P2
cpe:2.3:a:todd_miller:sudo:1.6.5_p2:*:*:*:*:*:*:*
Matching versions
Todd Miller » Sudo » Version: 1.6.4 P2
cpe:2.3:a:todd_miller:sudo:1.6.4_p2:*:*:*:*:*:*:*
Matching versions
Todd Miller » Sudo » Version: 1.6.5
cpe:2.3:a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:*
Matching versions
Todd Miller » Sudo » Version: 1.6.4 P1
cpe:2.3:a:todd_miller:sudo:1.6.4_p1:*:*:*:*:*:*:*
Matching versions
Todd Miller » Sudo » Version: 1.6.8
cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*
Matching versions
Todd Miller » Sudo » Version: 1.6.8 P1
cpe:2.3:a:todd_miller:sudo:1.6.8_p1:*:*:*:*:*:*:*
Matching versions
Todd Miller » Sudo » Version: 1.6.6
cpe:2.3:a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:*
Matching versions
Todd Miller » Sudo » Version: 1.6.7
cpe:2.3:a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:*
Matching versions
Todd Miller » Sudo » Version: 1.6.7 P5
cpe:2.3:a:todd_miller:sudo:1.6.7_p5:*:*:*:*:*:*:*
Matching versions
Todd Miller » Sudo » Version: 1.6.8 P8
cpe:2.3:a:todd_miller:sudo:1.6.8_p8:*:*:*:*:*:*:*
Matching versions
Todd Miller » Sudo » Version: 1.6.8 P5
cpe:2.3:a:todd_miller:sudo:1.6.8_p5:*:*:*:*:*:*:*
Matching versions
Todd Miller » Sudo » Version: 1.6.8 P9
cpe:2.3:a:todd_miller:sudo:1.6.8_p9:*:*:*:*:*:*:*
Matching versions
Todd Miller » Sudo » Version: 1.6.8 P12
cpe:2.3:a:todd_miller:sudo:1.6.8_p12:*:*:*:*:*:*:*
Matching versions
Todd Miller » Sudo » Version: 1.6.9 P17
cpe:2.3:a:todd_miller:sudo:1.6.9_p17:*:*:*:*:*:*:*
Matching versions
Todd Miller » Sudo » Version: 1.6.9 P18
cpe:2.3:a:todd_miller:sudo:1.6.9_p18:*:*:*:*:*:*:*
Matching versions
Todd Miller » Sudo » Version: 1.6.9 P19
cpe:2.3:a:todd_miller:sudo:1.6.9_p19:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2010-0427

EPSS FAQ

0.08%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 20 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2010-0427

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.4	MEDIUM	AV:L/AC:M/Au:N/C:P/I:P/A:P	3.4	6.4	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2010-0427

CWE-264

Assigned by: nvd@nist.gov (Primary)

Vendor statements for CVE-2010-0427

Red Hat 2010-03-02

This issue was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2010-0122.html It did not affect the versions of the sudo packages as shipped with Red Hat Enterprise Linux 3 and 4.

References for CVE-2010-0427

http://www.gratisoft.us/bugzilla/attachment.cgi?id=255

Sudo Main Page
Exploit
ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz

Patch

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html

[security-announce] SUSE Security Summary Report: SUSE-SR:2010:006

CVEs referencing this url
http://www.sudo.ws/cgi-bin/cvsweb/sudo/set_perms.c.diff?r1=1.30.2.7&r2=1.30.2.8

404 Not Found
http://www.gratisoft.us/bugzilla/show_bug.cgi?id=349

Sudo Main Page
http://securitytracker.com/id?1023658

Sudo sudoedit and 'runas_default' Flaws Let Local Users Gain Elevated Privileges - SecurityTracker

CVEs referencing this url
http://secunia.com/advisories/38915

Sign in

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7216

Repository / Oval Repository
http://secunia.com/advisories/38803

Sign in

CVEs referencing this url
http://www.ubuntu.com/usn/USN-905-1

USN-905-1: sudo vulnerabilities | Ubuntu security notices

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10946

Repository / Oval Repository
http://www.securityfocus.com/archive/1/514489/100/0/threaded

SecurityFocus

CVEs referencing this url
http://sudo.ws/repos/sudo/rev/aa0b6c01c462

sudo: aa0b6c01c462
http://secunia.com/advisories/38762

Sign in

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2010/02/23/4

oss-security - CVE assignment notification -- CVE-2010-0427 -- sudo fails to reset group permissions if runas_default set
http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml

sudo: Privilege escalation (GLSA 201003-01) — Gentoo security

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2010/02/24/5

oss-security - Re: CVE assignment notification -- CVE-2010-0427 -- sudo fails to reset group permissions if runas_default set
http://secunia.com/advisories/38795

Sign in

CVEs referencing this url
http://www.debian.org/security/2010/dsa-2006

Debian -- Security Information -- DSA-2006-1 sudo

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=567622

567622 – (CVE-2010-0427) CVE-2010-0427 sudo: Fails to reset group permissions if runas_default set
http://wiki.rpath.com/Advisories:rPSA-2010-0075

CVEs referencing this url