CVSS: 6.6EPSS: 0%CPEs: 74EXPL: 2CVE-2010-1646 – sudo: insufficient environment sanitization issue
https://notcve.org/view.php?id=CVE-2010-1646
The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable. La funcionalidad de ruta de acceso segura en env.c en sudo v1.3.1 a v1.6.9p22 y v1.7.0 a v1.7.2p6 no controla correctamente un entorno que contenga múltiples variables PATH, lo que podría permitir a usuarios locales conseguir privilegios a través de un valor debidamente modificado de la última variable de entorno PATH. • http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042838.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043012.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043026.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/40002 http://secunia.com/advisories/40188 http://secunia.com/advisories/40215 http://secunia.com/advisories/40508 http://secunia.com/advisories/43068 http:/ • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.9EPSS: 0%CPEs: 21EXPL: 0CVE-2010-1163 – sudo: incomplete fix for the sudoedit privilege escalation issue CVE-2010-0426
https://notcve.org/view.php?id=CVE-2010-1163
The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426. El comando de funcionalidad matching en sudo v1.6.8 hasta v1.7.2p5 no maneja adecuadamente cuando un fichero en el directorio actual de trabajo tiene el mismo nombre que un pseudo-comando en el archivo dudoers y que contiene en la ruta una entrada para ". • http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039986.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/39384 http://secunia.com/advisories/39399 http://secunia.com/advisories/39474 http://secunia.com/advisories/39543 http://secunia.com/advisories/43068 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.577019 http://wiki.rpath.com/Advisories:rPSA-2010-0075 http://www. • CWE-20: Improper Input Validation •
CVSS: 6.9EPSS: 0%CPEs: 32EXPL: 2CVE-2010-0426 – sudo: sudoedit option can possibly allow for arbitrary code execution
https://notcve.org/view.php?id=CVE-2010-0426
sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory. sudo v1.6.x anterior a v1.6.9p21 y v1.7.x anterior a v1.7.2p4, cuando un pseudo-comando está activado, permite la coincidencia entre el nombre del pseudo-comando y el nombre de un archivo ejecutable en un directorio cualquiera, lo que permite a usuarios locales obtener privilegios a través de un archivo ejecutable manipulado, como se ha demostrado mediante el archivo sudoedit en el directorio home de un usuario. • https://github.com/t0kx/privesc-CVE-2010-0426 https://github.com/g1vi/CVE-2010-0426 ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570737 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040578.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040588.html http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html http://secunia.com/advisories/38659 http://secunia.com&#x • CWE-264: Permissions, Privileges, and Access Controls •