Sudo@1.7.2 Security Vulnerabilities and Issues — Sudo@1.7.2 CVE List

Lucene search

Todd MillerSudo1.7.2

3 matches found

CVE•added 2010/02/24 6:30 p.m.•85 views

CVE-2010-0426

sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a...

6.9CVSS7.6AI score0.0076EPSS

CVE•added 2010/06/07 5:12 p.m.•74 views

CVE-2010-1646

The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable.

6.2CVSS6.1AI score0.00078EPSS

CVE•added 2010/09/10 7:0 p.m.•59 views

CVE-2010-2956

Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence.

6.2CVSS8.5AI score0.00078EPSS