Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSD1A9F678D-48CA-11DF-85F8-000C29A67389
HistoryApr 09, 2010 - 12:00 a.m.

sudo -- Privilege escalation with sudoedit

2010-04-0900:00:00
vuxml.freebsd.org
22

0.0004 Low

EPSS

Percentile

9.7%

JSON

Todd Miller reports:

Sudo’s command matching routine expects actual commands to include
one or more slash (β€˜/’) characters. The flaw is that sudo’s path
resolution code did not add a β€œ./” prefix to commands found in the
current working directory. This creates an ambiguity between a
β€œsudoedit” command found in the cwd and the β€œsudoedit”
pseudo-command in the sudoers file. As a result, a user may be
able to run an arbitrary command named β€œsudoedit” in the current
working directory. For the attack to be successful, the PATH
environment variable must include β€œ.” and may not include any other
directory that contains a β€œsudoedit” command.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchsudo<Β 1.7.2.6UNKNOWN

Related

cisco 1
nessus 12
gentoo 1
openvas 15
seebug 1
packetstorm 1
veracode 1
oraclelinux 1
altlinux 2
centos 1
cvelist 1
debiancve 1
securityvulns 2
redhat 2
ubuntucve 1
prion 1
cve 1
slackware 1
cisco
cisco
Sudo sudoedit Local Command Privilege Escalation Vulnerability
2010-04-19 20:43:48
nessus
nessus
Scientific Linux Security Update : sudo on SL5.x i386/x86_64
2012-08-01 00:00:00
GLSA-201006-09 : sudo: Privilege escalation
2010-06-02 00:00:00
FreeBSD : sudo -- Privilege escalation with sudoedit (1a9f678d-48ca-11df-85f8-000c29a67389)
2010-04-16 00:00:00
gentoo
gentoo
sudo: Privilege escalation
2010-06-01 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201006-09 (sudo)
2011-03-09 00:00:00
Gentoo Security Advisory GLSA 201006-09 (sudo)
2011-03-09 00:00:00
Slackware: Security Advisory (SSA:2010-110-01)
2012-09-10 00:00:00
seebug
seebug
Sudo sudoeditθ·―εΎ„θ§£ζžζœ¬εœ°ζƒι™ζε‡ζΌζ΄ž
2010-04-19 00:00:00
packetstorm
packetstorm
Sudo 1.7.2p5 Local Privilege Escalation
2010-04-20 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:48:33
oraclelinux
oraclelinux
sudo security update
2010-04-20 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package sudo version 1:1.6.8p12-alt8
2010-06-01 00:00:00
Security fix for the ALT Linux 6 package sudo version 1:1.6.8p12-alt8
2010-06-01 00:00:00
centos
centos
sudo security update
2010-05-28 10:47:01
cvelist
cvelist
CVE-2010-1163
2010-04-16 19:00:00
debiancve
debiancve
CVE-2010-1163
2010-04-16 19:30:00
securityvulns
securityvulns
sudoedit local privilege escalation through PATH manipulation
2010-04-22 00:00:00
sudo protection bypass
2010-04-22 00:00:00
redhat
redhat
(RHSA-2010:0361) Moderate: sudo security update
2010-04-20 00:00:00
(RHSA-2010:0476) Important: rhev-hypervisor security, bug fix, and enhancement update
2010-06-22 00:00:00
ubuntucve
ubuntucve
CVE-2010-1163
2010-04-16 00:00:00
prion
prion
Command injection
2010-04-16 19:30:00
cve
cve
CVE-2010-1163
2010-04-16 19:30:00
slackware
slackware
[slackware-security] sudo
2010-04-20 17:51:19

0.0004 Low

EPSS

Percentile

9.7%

JSON
Related for 1A9F678D-48CA-11DF-85F8-000C29A67389
cisco1nessus12gentoo1openvas15seebug1packetstorm1veracode1oraclelinux1altlinux2centos1cvelist1debiancve1securityvulns2redhat2ubuntucve1prion1cve1slackware1