Launchpad.net

CVE 2010-2956

Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence.

Related bugs and status

CVE-2010-2956 (Candidate) is related to these bugs:

Bug #609645: [Maverick regression] Fingerprint authentication (libpam-thinkfinger, libpam-fprint & libpam-fprintd) not working with basic sudo

		In	Importance	Status
609645	[Maverick regression] Fingerprint authentication (libpam-thinkfinger, libpam-fprint & libpam-fprintd) not working with basic sudo	pam-fprint (Ubuntu)	Undecided	Invalid
609645	[Maverick regression] Fingerprint authentication (libpam-thinkfinger, libpam-fprint & libpam-fprintd) not working with basic sudo	sudo (Ubuntu)	Medium	Fix Released
609645	[Maverick regression] Fingerprint authentication (libpam-thinkfinger, libpam-fprint & libpam-fprintd) not working with basic sudo	sudo (Debian)	Unknown	Fix Released
609645	[Maverick regression] Fingerprint authentication (libpam-thinkfinger, libpam-fprint & libpam-fprintd) not working with basic sudo	sudo	Unknown	Unknown
609645	[Maverick regression] Fingerprint authentication (libpam-thinkfinger, libpam-fprint & libpam-fprintd) not working with basic sudo	GKSu	Undecided	Invalid

Bug #689025: Please merge sudo 1.7.4p4-5 (main) from Debian unstable (main)

Summary				In	Importance	Status
	689025	Please merge sudo 1.7.4p4-5 (main) from Debian unstable (main)		sudo (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2010-2956

Related bugs and status

Related bugs

References