CVE

CVE-2010-0426
Date: (C)2010-02-24   (M)2023-12-22


sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 6.9
Exploit Score: 3.4
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1023658
http://www.securityfocus.com/archive/1/514489/100/0/threaded
BID-38362
SECUNIA-38659
SECUNIA-38762
SECUNIA-38795
SECUNIA-38803
SECUNIA-38915
SECUNIA-39399
ADV-2010-0450
ADV-2010-0949
DSA-2006
FEDORA-2010-6701
FEDORA-2010-6749
GLSA-201003-01
MDVSA-2010:049
SSA:2010-110-01
SUSE-SR:2010:006
USN-905-1
ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570737
http://sudo.ws/bugs/show_bug.cgi?id=389
http://sudo.ws/repos/sudo/rev/88f3181692fe
http://sudo.ws/repos/sudo/rev/f86e1b56d074
http://wiki.rpath.com/Advisories:rPSA-2010-0075
http://www.linuxquestions.org/questions/linux-security-4/the-use-of-sudoedit-command-question-785442/
http://www.sudo.ws/sudo/stable.html
oval:org.mitre.oval:def:10814
oval:org.mitre.oval:def:7238

CPE    11
cpe:/a:todd_miller:sudo:1.6
cpe:/a:todd_miller:sudo:1.7.2
cpe:/a:todd_miller:sudo:1.6.3
cpe:/a:todd_miller:sudo:1.7.1
...
CWE    1
CWE-264
OVAL    15
oval:org.secpod.oval:def:301187
oval:org.secpod.oval:def:500470
oval:org.secpod.oval:def:201904
oval:org.secpod.oval:def:500307
...

© SecPod Technologies