CVSS: 6.9EPSS: 0%CPEs: 21EXPL: 0CVE-2010-1163 – sudo: incomplete fix for the sudoedit privilege escalation issue CVE-2010-0426
https://notcve.org/view.php?id=CVE-2010-1163
The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426. El comando de funcionalidad matching en sudo v1.6.8 hasta v1.7.2p5 no maneja adecuadamente cuando un fichero en el directorio actual de trabajo tiene el mismo nombre que un pseudo-comando en el archivo dudoers y que contiene en la ruta una entrada para ". • http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039986.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/39384 http://secunia.com/advisories/39399 http://secunia.com/advisories/39474 http://secunia.com/advisories/39543 http://secunia.com/advisories/43068 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.577019 http://wiki.rpath.com/Advisories:rPSA-2010-0075 http://www. • CWE-20: Improper Input Validation •
CVSS: 6.6EPSS: 0%CPEs: 28EXPL: 1CVE-2010-0427 – sudo: Fails to reset group permissions if runas_default set
https://notcve.org/view.php?id=CVE-2010-0427
sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command. sudo v1.6.x anterior a v1.6.9p21 cuando se utiliza la opción runas_default no establece adecuadamente las pertenencias a grupos, esto permite a usuarios locales aumentar sus privilegios mediante un comando sudo. • ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html http://secunia.com/advisories/38762 http://secunia.com/advisories/38795 http://secunia.com/advisories/38803 http://secunia.com/advisories/38915 http://securitytracker.com/id?1023658 http://sudo.ws/repos/sudo/rev/aa0b6c01c462 http://wiki.rpath.com/Advisories:rPSA-2010-0075 http://www.debian.org/security/2010/dsa-2006 http://www.gentoo.org/s • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.9EPSS: 0%CPEs: 32EXPL: 2CVE-2010-0426 – sudo: sudoedit option can possibly allow for arbitrary code execution
https://notcve.org/view.php?id=CVE-2010-0426
sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory. sudo v1.6.x anterior a v1.6.9p21 y v1.7.x anterior a v1.7.2p4, cuando un pseudo-comando está activado, permite la coincidencia entre el nombre del pseudo-comando y el nombre de un archivo ejecutable en un directorio cualquiera, lo que permite a usuarios locales obtener privilegios a través de un archivo ejecutable manipulado, como se ha demostrado mediante el archivo sudoedit en el directorio home de un usuario. • https://github.com/t0kx/privesc-CVE-2010-0426 https://github.com/g1vi/CVE-2010-0426 ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570737 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040578.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040588.html http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html http://secunia.com/advisories/38659 http://secunia.com&#x • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2009-0034 – sudo: incorrect handling of groups in Runas_User
https://notcve.org/view.php?id=CVE-2009-0034
parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. parse.c de sudo v1.6.9p17 hasta v1.6.9p19, no interpreta correctamente un grupo del sistema (también conocido como %group) en el fichero sudoers durante la decisión de autorización para un usuario que pertenezca a ese grupo. Esto permite a usuarios locales utilizar un fichero sudoers y obtener privilegios de root (administrador) a través de un comando sudo. • http://lists.vmware.com/pipermail/security-announce/2009/000060.html http://osvdb.org/51736 http://secunia.com/advisories/33753 http://secunia.com/advisories/33840 http://secunia.com/advisories/33885 http://secunia.com/advisories/35766 http://wiki.rpath.com/Advisories:rPSA-2009-0021 http://www.gratisoft.us/bugzilla/show_bug.cgi?id=327 http://www.mandriva.com/security/advisories?name=MDVSA-2009:033 http://www.redhat.com/support/errata/RHSA-2009-0267.html http://www.secu • CWE-863: Incorrect Authorization •