Improper input validation in Todd_miller Sudo

CVE-2010-1163

The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.000 (14.2th percentile) — read the EPSS interpretation.

Affected products

Todd_miller Sudo — versions 1.7.0, 1.7.2p4, 1.6.8_p7
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

FEDORA-2010-6756 (vendor-advisory, x_refsource_FEDORA)
SUSE-SR:2011:002 (vendor-advisory, x_refsource_SUSE)
39384 (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
39399 (x_refsource_SECUNIA, third-party-advisory)
39474 (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
39543 (x_refsource_SECUNIA, third-party-advisory)
43068 (x_refsource_SECUNIA, third-party-advisory)
SSA:2010-110-01 (vendor-advisory, x_refsource_SLACKWARE)
secalert@redhat.com (x_refsource_CONFIRM)
MDVSA-2010:078 (vendor-advisory, x_refsource_MANDRIVA)