Sudo sudoedit Local Command Privilege Escalation Vulnerability

Sudo contains a vulnerability that could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges. This vulnerability exists due to an error in the affected software while matching commands due to incorrect path resolution. A local attacker with privileges to...

Sudo sudoedit路径解析本地权限提升漏洞

BUGTRAQ ID: 39468 CVE ID: CVE-2010-1163 Sudo是一款允许用户以其他用户权限安全的执行命令的程序，广泛使用在Linux和Unix操作系统下。...

Mandriva Update for sudo MDVSA-2010:078 (sudo)

Check for the Version of sudo OpenVAS Vulnerability Test Mandriva Update for sudo MDVSA-2010:078 sudo Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

Mandriva Update for sudo MDVSA-2010:078 (sudo)

Check for the Version of sudo OpenVAS Vulnerability Test Mandriva Update for sudo MDVSA-2010:078 sudo Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

Mandriva Linux Security Advisory : sudo (MDVSA-2010:078-1)

A vulnerability has been found and corrected in sudo : The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ., which allow...

[USN-928-1] Sudo vulnerability

=========================================================== Ubuntu Security Notice USN-928-1 April 15, 2010 sudo vulnerability https://launchpad.net/bugs/563963 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubun...

CVE-2010-1163

The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a...

Command injection

The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a...

DEBIAN-CVE-2010-1163

The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a...

CVE-2010-1163

The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a...

CVE-2010-1163

The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a...

CVE-2010-1163

The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a...

CVE-2010-1163

The CVE-2010-1163 issue affects sudo 1.6.8–1.7.2p5. If the PATH contains "." and a file in the CWD shares a name with a sudoers pseudo-command, a local user could invoke arbitrary commands via sudoedit, enabling privilege escalation to root. The vulnerability stems from command matching/path reso...

CVE-2010-1163

The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a...

Ubuntu: Security Advisory (USN-928-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu Update for sudo vulnerability USN-928-1

Ubuntu Update for Linux kernel vulnerabilities USN-928-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN9281.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for sudo vulnerability USN-928-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...

Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : sudo vulnerability (USN-928-1)

Valerio Costamagna discovered that sudo did not properly validate the path for the 'sudoedit' pseudo-command when the PATH contained only a dot '.'. If securepath and ignoredot were disabled, a local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the...

USN-928-1: Sudo vulnerability

Valerio Costamagna discovered that sudo did not properly validate the path for the 'sudoedit' pseudo-command when the PATH contained only a dot '.'. If securepath and ignoredot were disabled, a local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the...

xwine 1.0.1 - .exe Local Crash (PoC)

xwine 1.0.1 - .exe Local Crash PoC xwine v1.0.1 .exe file Local Crash PoC Exploit Install: sudo apt-get install xwine Author: JosS mail: sys-projectathotmaildotcom site: http://hack0wn.com/ team: Spanish Hackers Team - SHT This was written for educational purpose. Use it at your own risk. Author...

FreeBSD Ports: sudo

The remote host is missing an update to the system as announced in the referenced advisory. VID 018a84d0-2548-11df-b4a3-00e0815b8da8 OpenVAS Vulnerability Test $ Description: Auto generated from VID 018a84d0-2548-11df-b4a3-00e0815b8da8 Authors: Thomas Reinke Copyright: Copyright c 2010 E-Soft Inc...