Vulnerability in Todd_miller Sudo
CVE-2010-1646
The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value o…
EPSS: 0.001 (23.8th percentile) — read the EPSS interpretation.
Affected products
- Todd_miller Sudo — versions 1.6.7p3, 1.6.8, 1.6.7p1
- N/a — versions n/a
Weakness classification (CWE)
References
- 65083 (x_refsource_OSVDB, vdb-entry)
- FEDORA-2010-9417 (x_refsource_FEDORA, vendor-advisory)
- 43068 (x_refsource_SECUNIA, third-party-advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Exploit, Patch)
- oval:org.mitre.oval:def:10580 (x_refsource_OVAL, signature, vdb-entry)
- MDVSA-2010:118 (vendor-advisory, x_refsource_MANDRIVA)
- ADV-2011-0212 (vdb-entry, x_refsource_VUPEN)
- 40188 (x_refsource_SECUNIA, third-party-advisory)
- 40002 (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)