sudo: incorrect handling of RunAs specification with both user and group lists

🗓️ 07 Sep 2010 12:49:00Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 5 Views

Sudo 1.7.0–1.7.4p3 mishandles RunAs with user and group lists, enabling -u root.

Reporter	Title	Published	Views	Family All 65
FreeBSD	sudo -- Flaw in Runas group matching	7 Sep 201000:00	–	freebsd
BDU FSTEC	Vulnerabilities of the Gentoo Linux operating system, which allow a malicious individual to compromise the confidentiality, integrity, and accessibility of protected information	28 Apr 201500:00	–	bdu_fstec
Tenable Nessus	CentOS 5 : sudo (CESA-2010:0675)	13 Sep 201000:00	–	nessus
Tenable Nessus	Fedora 14 : sudo-1.7.4p4-1.fc14 (2010-14184)	16 Sep 201000:00	–	nessus
Tenable Nessus	Fedora 13 : sudo-1.7.4p4-1.fc13 (2010-14355)	12 Sep 201000:00	–	nessus
Tenable Nessus	Fedora 12 : sudo-1.7.4p4-2.fc12 (2010-14996)	6 Oct 201000:00	–	nessus
Tenable Nessus	FreeBSD : sudo -- Flaw in Runas group matching (67b514c3-ba8f-11df-8f6e-000c29a67389)	8 Sep 201000:00	–	nessus
Tenable Nessus	GLSA-201009-03 : sudo: Privilege Escalation	8 Sep 201000:00	–	nessus
Tenable Nessus	Mandriva Linux Security Advisory : sudo (MDVSA-2010:175)	13 Sep 201000:00	–	nessus
Tenable Nessus	MiracleLinux 3 : sudo-1.7.2p1-8.AXS3 (AXSA:2010-437:05)	14 Jan 202600:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	5	i386	sudo	0:1.7.2p1-8.el5_5	sudo-0:1.7.2p1-8.el5_5.i386.rpm
Red Hat Enterprise Linux	5	ia64	sudo	0:1.7.2p1-8.el5_5	sudo-0:1.7.2p1-8.el5_5.ia64.rpm
Red Hat Enterprise Linux	5	ppc	sudo	0:1.7.2p1-8.el5_5	sudo-0:1.7.2p1-8.el5_5.ppc.rpm
Red Hat Enterprise Linux	5	s390x	sudo	0:1.7.2p1-8.el5_5	sudo-0:1.7.2p1-8.el5_5.s390x.rpm
Red Hat Enterprise Linux	5	x86_64	sudo	0:1.7.2p1-8.el5_5	sudo-0:1.7.2p1-8.el5_5.x86_64.rpm
Red Hat Enterprise Linux	5	i386	sudo-debuginfo	0:1.7.2p1-8.el5_5	sudo-debuginfo-0:1.7.2p1-8.el5_5.i386.rpm
Red Hat Enterprise Linux	5	ia64	sudo-debuginfo	0:1.7.2p1-8.el5_5	sudo-debuginfo-0:1.7.2p1-8.el5_5.ia64.rpm
Red Hat Enterprise Linux	5	ppc	sudo-debuginfo	0:1.7.2p1-8.el5_5	sudo-debuginfo-0:1.7.2p1-8.el5_5.ppc.rpm
Red Hat Enterprise Linux	5	s390x	sudo-debuginfo	0:1.7.2p1-8.el5_5	sudo-debuginfo-0:1.7.2p1-8.el5_5.s390x.rpm
Red Hat Enterprise Linux	5	x86_64	sudo-debuginfo	0:1.7.2p1-8.el5_5	sudo-debuginfo-0:1.7.2p1-8.el5_5.x86_64.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2010-2956
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2010-2956
cve	www.cve.org/CVERecord

25 Jun 2026 10:36Current

7.2High risk

Vulners AI Score7.2

CVSS 26.2

EPSS0.00362

sudo runas user lists group lists privilege escalation root command line