CVE-2010-2956
EPSS 0.08%
Description
Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence.
How to fix CVE-2010-2956
To remediate CVE-2010-2956, upgrade the affected package to the fixed version listed below.
- Debian/sudo: upgrade to 1.7.4p4-1 or later
Is CVE-2010-2956 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.7.4p4-1