ubuntucve | Ubuntu.com | UB:CVE-2010-1163
History: Apr 16, 2010 - 12:00 a.m.

CVE-2010-1163


CVSS2: 6.9 Medium
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.0004 Low
Percentile: 9.4%

The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not
properly handle when a file in the current working directory has the same
name as a pseudo-command in the sudoers file and the PATH contains an entry
for “.”, which allows local users to execute arbitrary commands via a
Trojan horse executable, as demonstrated using sudoedit, a different
vulnerability than CVE-2010-0426.

Notes

Author: jdstrand
Note: in Ubuntu 9.04 and earlier, sudo is compiled with secure_path, so a user must use sudoedit in sudoers and recompile sudo to not use secure_path. On Karmic, secure_path is configurable via sudoers (but still set at compile-time). Ubuntu does not use ‘ignore_dot’ by default.

OS      Version  Architecture  Package  Version                  Filename
ubuntu  6.06     noarch        sudo     < 1.6.8p12-1ubuntu6.2    UNKNOWN
ubuntu  8.04     noarch        sudo     < 1.6.9p10-1ubuntu3.7    UNKNOWN
ubuntu  8.10     noarch        sudo     < 1.6.9p17-1ubuntu2.3    UNKNOWN
ubuntu  9.04     noarch        sudo     < 1.6.9p17-1ubuntu3.2    UNKNOWN
ubuntu  9.10     noarch        sudo     < 1.7.0-1ubuntu2.2       UNKNOWN
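
A defender-side check for the conditions named in the description and the note above, as an added example that is not part of the Ubuntu advisory: it reports whether a sudoers file grants the bare sudoedit pseudo-command while PATH contains a current-directory entry and neither secure_path nor ignore_dot is set in sudoers. The function names, verdict strings and sample sudoers lines are constructed for illustration; treating an empty PATH entry like "." goes beyond the description, and treating the two options as mitigations is an assumption drawn from the note.

```shell
#!/bin/sh
# Added example: checks the configuration preconditions described for
# CVE-2010-1163. It does not check the installed sudo version, and a
# compile-time secure_path is not visible in the sudoers file.

# True if PATH string $1 has a "." entry or an empty entry (leading,
# trailing or doubled colon); both mean the current working directory.
path_has_cwd() {
    case ":$1:" in
        *:.:*|*::*) return 0 ;;
        *) return 1 ;;
    esac
}

# True if an active Defaults line in sudoers file $1 enables option $2.
# Negated forms such as "!ignore_dot" do not count.
sudoers_default_set() {
    grep -E '^[[:space:]]*Defaults' "$1" | grep -Ev "![[:space:]]*$2" |
        grep -Eq "(^|[[:space:],])$2([[:space:],=]|\$)"
}

# True if a non-comment line in sudoers file $1 names the bare sudoedit
# pseudo-command (a full path such as /usr/bin/sudoedit is not matched).
sudoers_has_sudoedit() {
    grep -Ev '^[[:space:]]*#' "$1" |
        grep -Eq '(^|[^[:alnum:]_/])sudoedit([^[:alnum:]_]|$)'
}

# Prints one verdict for PATH string $1 and sudoers file $2.
check_cve_2010_1163() {
    sudoers_has_sudoedit "$2" || { echo "no-sudoedit-rule"; return 0; }
    if sudoers_default_set "$2" secure_path ||
       sudoers_default_set "$2" ignore_dot; then
        echo "mitigating-option-set"; return 0
    fi
    if path_has_cwd "$1"; then echo "preconditions-present"
    else echo "path-clean"; fi
}

# Constructed sample sudoers content (not taken from any real system).
sample=$(mktemp)
printf '%s\n' 'Defaults env_reset' 'alice ALL = sudoedit /etc/motd' > "$sample"
check_cve_2010_1163 "/usr/bin:/bin:." "$sample"
check_cve_2010_1163 "/usr/bin:/bin" "$sample"
rm -f "$sample"
```

Run it against a copy of the sudoers file and the PATH of each account allowed to use sudoedit; Defaults lines scoped to a single user or host are counted as if they applied to everyone, so confirm a "mitigating-option-set" result by hand.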
