Computer Security



CVE: CVE-2010-0426
Status: Candidate
Description: sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory.
Severity: Medium
CVSS score: 6.9
CVSS vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Phase: Assigned (21.01.2011)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0426
References:
 BID : 38362
 CONFIRM : ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz
 CONFIRM : http://sudo.ws/bugs/show_bug.cgi?id=389
 CONFIRM : http://sudo.ws/repos/sudo/rev/88f3181692fe
 CONFIRM : http://sudo.ws/repos/sudo/rev/f86e1b56d074
 CONFIRM : http://www.sudo.ws/sudo/stable.html
 DEBIAN : DSA-2006
 FEDORA : FEDORA-2010-6701
 FEDORA : FEDORA-2010-6749
 GENTOO : GLSA-201003-01
 MANDRIVA : MDVSA-2010:049
 MISC : http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=5...
 MISC : http://www.linuxquestions.org/questions/linux-secu...
 OVAL : oval:org.mitre.oval:def:10814
 OVAL : oval:org.mitre.oval:def:7238
 SECTRACK : 1023658
 SECUNIA : 38659
 SECUNIA : 38762
 SECUNIA : 38795
 SECUNIA : 38803
 SECUNIA : 38915
 SECUNIA : 39399
 SLACKWARE : SSA:2010-110-01
 SUSE : SUSE-SR:2010:006
 UBUNTU : USN-905-1
 VUPEN : ADV-2010-0450
 VUPEN : ADV-2010-0949
SecurityVulns: sudo protection bypass

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod