Lucene search

K
ubuntucveUbuntu.comUB:CVE-2010-1646
HistoryJun 07, 2010 - 12:00 a.m.

CVE-2010-1646

2010-06-0700:00:00
ubuntu.com
ubuntu.com
19

CVSS2

6.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

EPSS

0

Percentile

10.1%

The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0
through 1.7.2p6 does not properly handle an environment that contains
multiple PATH variables, which might allow local users to gain privileges
via a crafted value of the last PATH variable.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchsudo< 1.6.8p12-1ubuntu6.3UNKNOWN
ubuntu8.04noarchsudo< 1.6.9p10-1ubuntu3.8UNKNOWN
ubuntu9.04noarchsudo< 1.6.9p17-1ubuntu3.3UNKNOWN
ubuntu9.10noarchsudo< 1.7.0-1ubuntu2.4UNKNOWN
ubuntu10.04noarchsudo< 1.7.2p1-1ubuntu5.1UNKNOWN

CVSS2

6.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

EPSS

0

Percentile

10.1%