exploitDog

CVE-2010-1646

Опубликовано: 28 мая 2010

Источник: redhat

CVSS2: 6.6

EPSS Низкий

Описание

The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable.

Ссылки на источники

Дополнительная информация

Статус:

Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=598154sudo: insufficient environment sanitization issue

EPSS

Процентиль: 24%

0.00078

Низкий

6.6 Medium

CVSS2

Связанные уязвимости

CVE-2010-1646

ubuntu

больше 15 лет назад

The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable.

CVE-2010-1646

nvd

больше 15 лет назад

The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable.

CVE-2010-1646

debian

больше 15 лет назад

The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1. ...

GHSA-xww5-hh94-wcq9

github

больше 3 лет назад

The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable.

ELSA-2010-0475

oracle-oval

больше 15 лет назад

ELSA-2010-0475: sudo security update (MODERATE)

EPSS

Процентиль: 24%

0.00078

Низкий

6.6 Medium

CVSS2