CVE-2010-0427

Name: CVE-2010-0427
Creator: NVD / NIST
Published: 2010-02-25T19:30:00.517+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.46%

Last modified Jun 16, 2026

CVE-2010-0427 is a vulnerability of currently unknown severity. sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.. EPSS estimates a 0.46% chance of exploitation in the next 30 days.

Description

sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.

Metrics

EPSS Probability

0.46%

36.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-264

Affected Software

Vendor	Product	Versions
Todd Miller	Sudo	1.6
Todd Miller	Sudo	1.6.1
Todd Miller	Sudo	1.6.2
Todd Miller	Sudo	1.6.3
Todd Miller	Sudo	1.6.3_p1
Todd Miller	Sudo	1.6.3_p2
Todd Miller	Sudo	1.6.3_p3
Todd Miller	Sudo	1.6.3_p4
Todd Miller	Sudo	1.6.3_p5
Todd Miller	Sudo	1.6.3_p6
Todd Miller	Sudo	1.6.3_p7
Todd Miller	Sudo	1.6.4_p1
Todd Miller	Sudo	1.6.4_p2
Todd Miller	Sudo	1.6.5
Todd Miller	Sudo	1.6.5_p1
Todd Miller	Sudo	1.6.5_p2
Todd Miller	Sudo	1.6.6
Todd Miller	Sudo	1.6.7
Todd Miller	Sudo	1.6.7_p5
Todd Miller	Sudo	1.6.8
Todd Miller	Sudo	1.6.8_p1
Todd Miller	Sudo	1.6.8_p5
Todd Miller	Sudo	1.6.8_p8
Todd Miller	Sudo	1.6.8_p9
Todd Miller	Sudo	1.6.8_p12
Todd Miller	Sudo	1.6.9_p17
Todd Miller	Sudo	1.6.9_p18
Todd Miller	Sudo	1.6.9_p19

References

Timeline

Published: Feb 25, 2010
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2010-0427?

sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.

How severe is CVE-2010-0427?

Severity scoring for CVE-2010-0427 is pending analysis. The EPSS model estimates a 0.46% probability of exploitation in the next 30 days.

How do I fix CVE-2010-0427?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2010-0427?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST