What is CVE-2010-0426?

CVE-2010-0426 is a vulnerability in Todd_miller Sudo, classified under CWE-264. Published 2010-02-24.

Is CVE-2010-0426 known to be exploited?

8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Todd_miller Sudo

CVE-2010-0426

sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain pr…

EPSS: 0.008 (73.7th percentile) — read the EPSS interpretation.

Affected products

Todd_miller Sudo — versions 1.6.2, 1.6.4_p1, 1.6
N/a — versions n/a

Weakness classification (CWE)

CWE-264

Public proof-of-concept exploits

References

secalert@redhat.com (x_refsource_MISC)
FEDORA-2010-6701 (vendor-advisory, x_refsource_FEDORA)
FEDORA-2010-6749 (vendor-advisory, x_refsource_FEDORA)
SUSE-SR:2010:006 (vendor-advisory, x_refsource_SUSE)
38659 (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
38762 (x_refsource_SECUNIA, third-party-advisory)
38795 (x_refsource_SECUNIA, third-party-advisory)
38803 (x_refsource_SECUNIA, third-party-advisory)
38915 (x_refsource_SECUNIA, third-party-advisory)
39399 (x_refsource_SECUNIA, third-party-advisory)

Frequently asked questions

What is CVE-2010-0426?: CVE-2010-0426 is a vulnerability in Todd_miller Sudo, classified under CWE-264. Published 2010-02-24.
Is CVE-2010-0426 known to be exploited?: 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.