Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2010-1163

Опубликовано: 16 апр. 2010
Источник: ubuntu
Приоритет: low
CVSS2: 6.9

Описание

The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426.

РелизСтатусПримечание
dapper

released

1.6.8p12-1ubuntu6.2
devel

released

1.7.2p1-1ubuntu5
hardy

released

1.6.9p10-1ubuntu3.7
intrepid

released

1.6.9p17-1ubuntu2.3
jaunty

released

1.6.9p17-1ubuntu3.2
karmic

released

1.7.0-1ubuntu2.2
upstream

released

1.7.2p6, 1.6.9p22

Показывать по

Ссылки на источники

6.9 Medium

CVSS2

Связанные уязвимости

redhat логотип

CVE-2010-1163

redhat
около 15 лет назад

The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426.

nvd логотип

CVE-2010-1163

nvd
около 15 лет назад

The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426.

debian логотип

CVE-2010-1163

debian
около 15 лет назад

The command matching functionality in sudo 1.6.8 through 1.7.2p5 does ...

github логотип

GHSA-hh7m-2j26-qw2m

github
около 3 лет назад

The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426.

oracle-oval логотип

ELSA-2010-0361

oracle-oval
около 15 лет назад

ELSA-2010-0361: sudo security update (MODERATE)

6.9 Medium

CVSS2