6.9
CVE-2010-1163
- EPSS 0.05%
- Published 16.04.2010 19:30:00
- Last modified 11.04.2025 00:51:21
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426.
Data is provided by the National Vulnerability Database (NVD)
Todd Miller ≫ Sudo Version1.6.8
Todd Miller ≫ Sudo Version1.6.8_p1
Todd Miller ≫ Sudo Version1.6.8_p2
Todd Miller ≫ Sudo Version1.6.8_p5
Todd Miller ≫ Sudo Version1.6.8_p7
Todd Miller ≫ Sudo Version1.6.8_p8
Todd Miller ≫ Sudo Version1.6.8_p9
Todd Miller ≫ Sudo Version1.6.8_p12
Todd Miller ≫ Sudo Version1.6.8p7
Todd Miller ≫ Sudo Version1.6.9_p17
Todd Miller ≫ Sudo Version1.6.9_p18
Todd Miller ≫ Sudo Version1.6.9_p19
Todd Miller ≫ Sudo Version1.6.9_p20
Todd Miller ≫ Sudo Version1.6.9_p21
Todd Miller ≫ Sudo Version1.6.9_p22
Todd Miller ≫ Sudo Version1.7.0
Todd Miller ≫ Sudo Version1.7.1
Todd Miller ≫ Sudo Version1.7.2p1
Todd Miller ≫ Sudo Version1.7.2p2
Todd Miller ≫ Sudo Version1.7.2p3
Todd Miller ≫ Sudo Version1.7.2p4
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.105 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.9 | 3.4 | 10 |
AV:L/AC:M/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.