CVE-2010-1646
Date: (C)2010-06-07   (M)2023-12-22


The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 6.2
Exploit Score: 1.9
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: HIGH
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1024101
http://www.securityfocus.com/archive/1/514489/100/0/threaded
SECUNIA-40002
SECUNIA-40188
SECUNIA-40215
SECUNIA-40508
BID-40538
SECUNIA-43068
OSVDB-65083
ADV-2010-1452
ADV-2010-1478
ADV-2010-1518
ADV-2010-1519
ADV-2011-0212
DSA-2062
FEDORA-2010-9402
FEDORA-2010-9415
FEDORA-2010-9417
GLSA-201009-03
MDVSA-2010:118
RHSA-2010:0475
SUSE-SR:2011:002
http://wiki.rpath.com/Advisories:rPSA-2010-0075
http://www.sudo.ws/repos/sudo/rev/3057fde43cf0
http://www.sudo.ws/repos/sudo/rev/a09c6812eaec
http://www.sudo.ws/sudo/alerts/secure_path.html
https://bugzilla.redhat.com/show_bug.cgi?id=598154
oval:org.mitre.oval:def:10580
oval:org.mitre.oval:def:7338

CPE    27
cpe:/a:todd_miller:sudo:1.6.8
cpe:/a:todd_miller:sudo:1.6
cpe:/a:todd_miller:sudo:1.6.7
cpe:/a:todd_miller:sudo:1.6.9
...
CWE    1
CWE-264
OVAL    10
oval:org.secpod.oval:def:700151
oval:org.secpod.oval:def:500371
oval:org.secpod.oval:def:201841
oval:org.secpod.oval:def:201805
...

© SecPod Technologies