6.2

CVE-2010-1646

Exploit

EPSS 0.08%
Veröffentlicht 07.06.2010 17:12:48
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 32

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Todd Miller ≫ Sudo Version1.3.1

Todd Miller ≫ Sudo Version1.6

Todd Miller ≫ Sudo Version1.6.1

Todd Miller ≫ Sudo Version1.6.2

Todd Miller ≫ Sudo Version1.6.2p1

Todd Miller ≫ Sudo Version1.6.2p2

Todd Miller ≫ Sudo Version1.6.2p3

Todd Miller ≫ Sudo Version1.6.3

Todd Miller ≫ Sudo Version1.6.3p1

Todd Miller ≫ Sudo Version1.6.3p2

Todd Miller ≫ Sudo Version1.6.3p3

Todd Miller ≫ Sudo Version1.6.3p4

Todd Miller ≫ Sudo Version1.6.3p5

Todd Miller ≫ Sudo Version1.6.3p6

Todd Miller ≫ Sudo Version1.6.3p7

Todd Miller ≫ Sudo Version1.6.4

Todd Miller ≫ Sudo Version1.6.4p1

Todd Miller ≫ Sudo Version1.6.4p2

Todd Miller ≫ Sudo Version1.6.5

Todd Miller ≫ Sudo Version1.6.5p1

Todd Miller ≫ Sudo Version1.6.5p2

Todd Miller ≫ Sudo Version1.6.6

Todd Miller ≫ Sudo Version1.6.7

Todd Miller ≫ Sudo Version1.6.7p1

Todd Miller ≫ Sudo Version1.6.7p2

Todd Miller ≫ Sudo Version1.6.7p3

Todd Miller ≫ Sudo Version1.6.7p4

Todd Miller ≫ Sudo Version1.6.7p5

Todd Miller ≫ Sudo Version1.6.8

Todd Miller ≫ Sudo Version1.6.8p1

Todd Miller ≫ Sudo Version1.6.8p2

Todd Miller ≫ Sudo Version1.6.8p3

Todd Miller ≫ Sudo Version1.6.8p4

Todd Miller ≫ Sudo Version1.6.8p5

Todd Miller ≫ Sudo Version1.6.8p6

Todd Miller ≫ Sudo Version1.6.8p7

Todd Miller ≫ Sudo Version1.6.8p8

Todd Miller ≫ Sudo Version1.6.8p9

Todd Miller ≫ Sudo Version1.6.8p10

Todd Miller ≫ Sudo Version1.6.8p11

Todd Miller ≫ Sudo Version1.6.8p12

Todd Miller ≫ Sudo Version1.6.9

Todd Miller ≫ Sudo Version1.6.9p1

Todd Miller ≫ Sudo Version1.6.9p2

Todd Miller ≫ Sudo Version1.6.9p3

Todd Miller ≫ Sudo Version1.6.9p4

Todd Miller ≫ Sudo Version1.6.9p5

Todd Miller ≫ Sudo Version1.6.9p6

Todd Miller ≫ Sudo Version1.6.9p7

Todd Miller ≫ Sudo Version1.6.9p8

Todd Miller ≫ Sudo Version1.6.9p9

Todd Miller ≫ Sudo Version1.6.9p10

Todd Miller ≫ Sudo Version1.6.9p11

Todd Miller ≫ Sudo Version1.6.9p12

Todd Miller ≫ Sudo Version1.6.9p13

Todd Miller ≫ Sudo Version1.6.9p14

Todd Miller ≫ Sudo Version1.6.9p15

Todd Miller ≫ Sudo Version1.6.9p16

Todd Miller ≫ Sudo Version1.6.9p17

Todd Miller ≫ Sudo Version1.6.9p18

Todd Miller ≫ Sudo Version1.6.9p19

Todd Miller ≫ Sudo Version1.6.9p20

Todd Miller ≫ Sudo Version1.6.9p21

Todd Miller ≫ Sudo Version1.6.9p22

Todd Miller ≫ Sudo Version1.7.0

Todd Miller ≫ Sudo Version1.7.1

Todd Miller ≫ Sudo Version1.7.2

Todd Miller ≫ Sudo Version1.7.2p1

Todd Miller ≫ Sudo Version1.7.2p2

Todd Miller ≫ Sudo Version1.7.2p3

Todd Miller ≫ Sudo Version1.7.2p4

Todd Miller ≫ Sudo Version1.7.2p5

Todd Miller ≫ Sudo Version1.7.2p6

Todd Miller ≫ Sudo Version1.7.2p7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.204

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.2	1.9	10	AV:L/AC:H/Au:N/C:C/I:C/A:C

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

http://secunia.com/advisories/43068

http://www.vupen.com/english/advisories/2011/0212

http://wiki.rpath.com/Advisories:rPSA-2010-0075

http://www.securityfocus.com/archive/1/514489/100/0/threaded

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042838.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043012.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043026.html

http://secunia.com/advisories/40002

Vendor Advisory

http://secunia.com/advisories/40188

http://secunia.com/advisories/40215

http://secunia.com/advisories/40508

http://security.gentoo.org/glsa/glsa-201009-03.xml

http://www.debian.org/security/2010/dsa-2062

http://www.mandriva.com/security/advisories?name=MDVSA-2010:118

http://www.osvdb.org/65083

http://www.redhat.com/support/errata/RHSA-2010-0475.html

http://www.securityfocus.com/bid/40538

http://www.securitytracker.com/id?1024101

http://www.sudo.ws/repos/sudo/rev/3057fde43cf0

Patch

Exploit

http://www.sudo.ws/repos/sudo/rev/a09c6812eaec

Patch

Exploit

http://www.sudo.ws/sudo/alerts/secure_path.html

Vendor Advisory

http://www.vupen.com/english/advisories/2010/1452

http://www.vupen.com/english/advisories/2010/1478

http://www.vupen.com/english/advisories/2010/1518

http://www.vupen.com/english/advisories/2010/1519

https://bugzilla.redhat.com/show_bug.cgi?id=598154

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10580

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7338

https://nvd.nist.gov/vuln/detail/CVE-2010-1646

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-1646

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-1646

EUVD