Metric | Value |
---|---|
CVSS2 | 6.2 Medium |
Access Vector | LOCAL |
Access Complexity | HIGH |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
CVSS2 Vector | AV:L/AC:H/Au:N/C:C/I:C/A:C |
EPSS | 0.0004 Low |
EPSS Percentile | 8.6% |

The sudo (superuser do) utility allows system administrators to give
certain users the ability to run commands as root.

A flaw was found in the way sudo handled the presence of duplicated
environment variables. A local user authorized to run commands using sudo
could use this flaw to set additional values for the environment variables
set by sudo, which could result in those values being used by the executed
command instead of the values set by sudo. This could possibly lead to
certain intended restrictions being bypassed, such as the secure_path
setting. (CVE-2010-1646)

Red Hat would like to thank Anders Kaseorg and Evan Broder of Ksplice, Inc.
for responsibly reporting this issue.

Users of sudo should upgrade to this updated package, which contains a
backported patch to correct this issue.

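
The duplicated-variable problem described above, as an added example (not sudo's code and not the Red Hat patch): a setter that overwrites only the first copy of a variable leaves a later copy for any consumer that honors the last definition, while a setter that drops every copy and appends one trusted entry does not. The function names, the `TRUSTED` value, the first-match setter and the sample environment are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define TRUSTED "PATH=/usr/bin:/bin" /* constructed: value the privileged tool sets */

/* True when entry has the form "name=..." for exactly this name. */
static int names_match(const char *entry, const char *name) {
    size_t n = strlen(name);
    return strncmp(entry, name, n) == 0 && entry[n] == '=';
}

/* Value seen by a consumer that keeps the last definition it reads. */
const char *env_last(const char *const envp[], const char *name) {
    const char *val = NULL;
    for (size_t i = 0; envp[i] != NULL; i++)
        if (names_match(envp[i], name)) val = envp[i] + strlen(name) + 1;
    return val;
}

/* Weak pattern (assumed for illustration): overwrite only the first match. */
void env_set_first(const char *env[], const char *name, const char *entry) {
    for (size_t i = 0; env[i] != NULL; i++)
        if (names_match(env[i], name)) { env[i] = entry; return; }
}

/* Hardened pattern: drop every copy of name, then append one trusted entry.
 * Returns entries written (excluding NULL), or -1 if out[] is too small. */
int env_set_unique(const char *const envp[], const char *name,
                   const char *entry, const char *out[], size_t cap) {
    size_t n = 0;
    for (size_t i = 0; envp[i] != NULL; i++) {
        if (names_match(envp[i], name)) continue; /* skip all duplicates */
        if (n + 3 > cap) return -1; /* room for this, the trusted entry, NULL */
        out[n++] = envp[i];
    }
    if (n + 2 > cap) return -1;
    out[n++] = entry;
    out[n] = NULL;
    return (int)n;
}

/* Run one pattern on a constructed environment that defines PATH twice. */
const char *demo(int hardened) {
    static const char *out[8];
    const char *env[] = {"PATH=/opt/a/bin", "HOME=/home/alice", "PATH=/opt/b/bin", NULL};
    if (!hardened) { env_set_first(env, "PATH", TRUSTED); return env_last(env, "PATH"); }
    return env_set_unique(env, "PATH", TRUSTED, out, 8) < 0 ? NULL : env_last(out, "PATH");
}

int main(void) { printf("first-only: %s\nunique: %s\n", demo(0), demo(1)); return 0; }
```
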
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 5 | ppc | sudo | < 1.7.2p1-7.el5_5 | sudo-1.7.2p1-7.el5_5.ppc.rpm |
RedHat | 5 | src | sudo | < 1.7.2p1-7.el5_5 | sudo-1.7.2p1-7.el5_5.src.rpm |
RedHat | 5 | ia64 | sudo | < 1.7.2p1-7.el5_5 | sudo-1.7.2p1-7.el5_5.ia64.rpm |
RedHat | 5 | x86_64 | sudo | < 1.7.2p1-7.el5_5 | sudo-1.7.2p1-7.el5_5.x86_64.rpm |
RedHat | 5 | i386 | sudo | < 1.7.2p1-7.el5_5 | sudo-1.7.2p1-7.el5_5.i386.rpm |
RedHat | 5 | s390x | sudo | < 1.7.2p1-7.el5_5 | sudo-1.7.2p1-7.el5_5.s390x.rpm |