Lucene search

K
nvd[email protected]NVD:CVE-2010-1646
HistoryJun 07, 2010 - 5:12 p.m.

CVE-2010-1646

2010-06-0717:12:48
CWE-264
web.nvd.nist.gov
8

CVSS2

6.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

AI Score

6.2

Confidence

Low

EPSS

0

Percentile

10.1%

The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable.

Affected configurations

Nvd
Node
todd_millersudoMatch1.3.1
OR
todd_millersudoMatch1.6
OR
todd_millersudoMatch1.6.1
OR
todd_millersudoMatch1.6.2
OR
todd_millersudoMatch1.6.2p1
OR
todd_millersudoMatch1.6.2p2
OR
todd_millersudoMatch1.6.2p3
OR
todd_millersudoMatch1.6.3
OR
todd_millersudoMatch1.6.3p1
OR
todd_millersudoMatch1.6.3p2
OR
todd_millersudoMatch1.6.3p3
OR
todd_millersudoMatch1.6.3p4
OR
todd_millersudoMatch1.6.3p5
OR
todd_millersudoMatch1.6.3p6
OR
todd_millersudoMatch1.6.3p7
OR
todd_millersudoMatch1.6.4
OR
todd_millersudoMatch1.6.4p1
OR
todd_millersudoMatch1.6.4p2
OR
todd_millersudoMatch1.6.5
OR
todd_millersudoMatch1.6.5p1
OR
todd_millersudoMatch1.6.5p2
OR
todd_millersudoMatch1.6.6
OR
todd_millersudoMatch1.6.7
OR
todd_millersudoMatch1.6.7p1
OR
todd_millersudoMatch1.6.7p2
OR
todd_millersudoMatch1.6.7p3
OR
todd_millersudoMatch1.6.7p4
OR
todd_millersudoMatch1.6.7p5
OR
todd_millersudoMatch1.6.8
OR
todd_millersudoMatch1.6.8p1
OR
todd_millersudoMatch1.6.8p2
OR
todd_millersudoMatch1.6.8p3
OR
todd_millersudoMatch1.6.8p4
OR
todd_millersudoMatch1.6.8p5
OR
todd_millersudoMatch1.6.8p6
OR
todd_millersudoMatch1.6.8p7
OR
todd_millersudoMatch1.6.8p8
OR
todd_millersudoMatch1.6.8p9
OR
todd_millersudoMatch1.6.8p10
OR
todd_millersudoMatch1.6.8p11
OR
todd_millersudoMatch1.6.8p12
OR
todd_millersudoMatch1.6.9
OR
todd_millersudoMatch1.6.9p1
OR
todd_millersudoMatch1.6.9p2
OR
todd_millersudoMatch1.6.9p3
OR
todd_millersudoMatch1.6.9p4
OR
todd_millersudoMatch1.6.9p5
OR
todd_millersudoMatch1.6.9p6
OR
todd_millersudoMatch1.6.9p7
OR
todd_millersudoMatch1.6.9p8
OR
todd_millersudoMatch1.6.9p9
OR
todd_millersudoMatch1.6.9p10
OR
todd_millersudoMatch1.6.9p11
OR
todd_millersudoMatch1.6.9p12
OR
todd_millersudoMatch1.6.9p13
OR
todd_millersudoMatch1.6.9p14
OR
todd_millersudoMatch1.6.9p15
OR
todd_millersudoMatch1.6.9p16
OR
todd_millersudoMatch1.6.9p17
OR
todd_millersudoMatch1.6.9p18
OR
todd_millersudoMatch1.6.9p19
OR
todd_millersudoMatch1.6.9p20
OR
todd_millersudoMatch1.6.9p21
OR
todd_millersudoMatch1.6.9p22
OR
todd_millersudoMatch1.7.0
OR
todd_millersudoMatch1.7.1
OR
todd_millersudoMatch1.7.2
OR
todd_millersudoMatch1.7.2p1
OR
todd_millersudoMatch1.7.2p2
OR
todd_millersudoMatch1.7.2p3
OR
todd_millersudoMatch1.7.2p4
OR
todd_millersudoMatch1.7.2p5
OR
todd_millersudoMatch1.7.2p6
OR
todd_millersudoMatch1.7.2p7
VendorProductVersionCPE
todd_millersudo1.3.1cpe:2.3:a:todd_miller:sudo:1.3.1:*:*:*:*:*:*:*
todd_millersudo1.6cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*
todd_millersudo1.6.1cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*
todd_millersudo1.6.2cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*
todd_millersudo1.6.2p1cpe:2.3:a:todd_miller:sudo:1.6.2p1:*:*:*:*:*:*:*
todd_millersudo1.6.2p2cpe:2.3:a:todd_miller:sudo:1.6.2p2:*:*:*:*:*:*:*
todd_millersudo1.6.2p3cpe:2.3:a:todd_miller:sudo:1.6.2p3:*:*:*:*:*:*:*
todd_millersudo1.6.3cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*
todd_millersudo1.6.3p1cpe:2.3:a:todd_miller:sudo:1.6.3p1:*:*:*:*:*:*:*
todd_millersudo1.6.3p2cpe:2.3:a:todd_miller:sudo:1.6.3p2:*:*:*:*:*:*:*
Rows per page:
1-10 of 741

References

CVSS2

6.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

AI Score

6.2

Confidence

Low

EPSS

0

Percentile

10.1%