Lucene search

[email protected]NVD:CVE-2010-1646

HistoryJun 07, 2010 - 5:12 p.m.

CVE-2010-1646

2010-06-0717:12:48

CWE-264

[email protected]

web.nvd.nist.gov

6.2 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.1%

JSON

The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable.

Affected configurations

NVD

Node

todd_millersudoMatch1.3.1

todd_millersudoMatch1.6

todd_millersudoMatch1.6.1

todd_millersudoMatch1.6.2

todd_millersudoMatch1.6.2p1

todd_millersudoMatch1.6.2p2

todd_millersudoMatch1.6.2p3

todd_millersudoMatch1.6.3

todd_millersudoMatch1.6.3p1

todd_millersudoMatch1.6.3p2

todd_millersudoMatch1.6.3p3

todd_millersudoMatch1.6.3p4

todd_millersudoMatch1.6.3p5

todd_millersudoMatch1.6.3p6

todd_millersudoMatch1.6.3p7

todd_millersudoMatch1.6.4

todd_millersudoMatch1.6.4p1

todd_millersudoMatch1.6.4p2

todd_millersudoMatch1.6.5

todd_millersudoMatch1.6.5p1

todd_millersudoMatch1.6.5p2

todd_millersudoMatch1.6.6

todd_millersudoMatch1.6.7

todd_millersudoMatch1.6.7p1

todd_millersudoMatch1.6.7p2

todd_millersudoMatch1.6.7p3

todd_millersudoMatch1.6.7p4

todd_millersudoMatch1.6.7p5

todd_millersudoMatch1.6.8

todd_millersudoMatch1.6.8p1

todd_millersudoMatch1.6.8p2

todd_millersudoMatch1.6.8p3

todd_millersudoMatch1.6.8p4

todd_millersudoMatch1.6.8p5

todd_millersudoMatch1.6.8p6

todd_millersudoMatch1.6.8p7

todd_millersudoMatch1.6.8p8

todd_millersudoMatch1.6.8p9

todd_millersudoMatch1.6.8p10

todd_millersudoMatch1.6.8p11

todd_millersudoMatch1.6.8p12

todd_millersudoMatch1.6.9

todd_millersudoMatch1.6.9p1

todd_millersudoMatch1.6.9p2

todd_millersudoMatch1.6.9p3

todd_millersudoMatch1.6.9p4

todd_millersudoMatch1.6.9p5

todd_millersudoMatch1.6.9p6

todd_millersudoMatch1.6.9p7

todd_millersudoMatch1.6.9p8

todd_millersudoMatch1.6.9p9

todd_millersudoMatch1.6.9p10

todd_millersudoMatch1.6.9p11

todd_millersudoMatch1.6.9p12

todd_millersudoMatch1.6.9p13

todd_millersudoMatch1.6.9p14

todd_millersudoMatch1.6.9p15

todd_millersudoMatch1.6.9p16

todd_millersudoMatch1.6.9p17

todd_millersudoMatch1.6.9p18

todd_millersudoMatch1.6.9p19

todd_millersudoMatch1.6.9p20

todd_millersudoMatch1.6.9p21

todd_millersudoMatch1.6.9p22

todd_millersudoMatch1.7.0

todd_millersudoMatch1.7.1

todd_millersudoMatch1.7.2

todd_millersudoMatch1.7.2p1

todd_millersudoMatch1.7.2p2

todd_millersudoMatch1.7.2p3

todd_millersudoMatch1.7.2p4

todd_millersudoMatch1.7.2p5

todd_millersudoMatch1.7.2p6

todd_millersudoMatch1.7.2p7

References

lists.fedoraproject.org/pipermail/package-announce/2010-June/042838.html

lists.fedoraproject.org/pipermail/package-announce/2010-June/043012.html

lists.fedoraproject.org/pipermail/package-announce/2010-June/043026.html

lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

secunia.com/advisories/40002

secunia.com/advisories/40188

secunia.com/advisories/40215

secunia.com/advisories/40508

secunia.com/advisories/43068

security.gentoo.org/glsa/glsa-201009-03.xml

wiki.rpath.com/Advisories:rPSA-2010-0075

www.debian.org/security/2010/dsa-2062

www.mandriva.com/security/advisories?name=MDVSA-2010:118

www.osvdb.org/65083

www.redhat.com/support/errata/RHSA-2010-0475.html

www.securityfocus.com/archive/1/514489/100/0/threaded

www.securityfocus.com/bid/40538

www.securitytracker.com/id?1024101

www.sudo.ws/repos/sudo/rev/3057fde43cf0

www.sudo.ws/repos/sudo/rev/a09c6812eaec

www.sudo.ws/sudo/alerts/secure_path.html

www.vupen.com/english/advisories/2010/1452

www.vupen.com/english/advisories/2010/1478

www.vupen.com/english/advisories/2010/1518

www.vupen.com/english/advisories/2010/1519

www.vupen.com/english/advisories/2011/0212

bugzilla.redhat.com/show_bug.cgi?id=598154

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10580

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7338

6.2 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.1%

JSON

Related for NVD:CVE-2010-1646

freebsd1 oraclelinux1 nessus16 openvas21 centos1 fedora3 debian2 prion1 osv1 securityvulns2 debiancve1 ubuntucve1 veracode1 cvelist1 cve1 ubuntu1 redhat1 gentoo1 altlinux2 vmware2