CVE-2010-1646

Description

The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7338

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10580

https://bugzilla.redhat.com/show_bug.cgi?id=598154

http://www.vupen.com/english/advisories/2011/0212

http://www.vupen.com/english/advisories/2010/1519

http://www.vupen.com/english/advisories/2010/1518

http://www.vupen.com/english/advisories/2010/1478

http://www.vupen.com/english/advisories/2010/1452

http://www.sudo.ws/sudo/alerts/secure_path.html

http://www.securitytracker.com/id?1024101

http://www.securityfocus.com/bid/40538

http://www.securityfocus.com/archive/1/514489/100/0/threaded

http://www.redhat.com/support/errata/RHSA-2010-0475.html

http://www.osvdb.org/65083

http://www.mandriva.com/security/advisories?name=MDVSA-2010:118

http://www.debian.org/security/2010/dsa-2062

http://wiki.rpath.com/Advisories:rPSA-2010-0075

http://security.gentoo.org/glsa/glsa-201009-03.xml

http://secunia.com/advisories/43068

http://secunia.com/advisories/40508

http://secunia.com/advisories/40215

http://secunia.com/advisories/40188

http://secunia.com/advisories/40002

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043026.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043012.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042838.html

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3