CVE-2010-1163

Published: Apr 16, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426.

Vendor: n/a

Product: n/a

Versions: n/a (affected)

References

USN-928-1 (vendor-advisory, x_refsource_UBUNTU)
43068 (third-party-advisory, x_refsource_SECUNIA)
RHSA-2010:0361 (vendor-advisory, x_refsource_REDHAT)
ADV-2011-0212 (vdb-entry, x_refsource_VUPEN)
39384 (third-party-advisory, x_refsource_SECUNIA)
oval:org.mitre.oval:def:9382 (vdb-entry, signature, x_refsource_OVAL)
39543 (third-party-advisory, x_refsource_SECUNIA)
39399 (third-party-advisory, x_refsource_SECUNIA)
ADV-2010-1019 (vdb-entry, x_refsource_VUPEN)
63878 (vdb-entry, x_refsource_OSVDB)
ADV-2010-0956 (vdb-entry, x_refsource_VUPEN)
20101027 rPSA-2010-0075-1 sudo (mailing-list, x_refsource_BUGTRAQ)
MDVSA-2010:078 (vendor-advisory, x_refsource_MANDRIVA)
FEDORA-2010-6756 (vendor-advisory, x_refsource_FEDORA)
ADV-2010-0895 (vdb-entry, x_refsource_VUPEN)
SUSE-SR:2011:002 (vendor-advisory, x_refsource_SUSE)
ADV-2010-0949 (vdb-entry, x_refsource_VUPEN)
39468 (vdb-entry, x_refsource_BID)
ADV-2010-0881 (vdb-entry, x_refsource_VUPEN)
39474 (third-party-advisory, x_refsource_SECUNIA)
ADV-2010-0904 (vdb-entry, x_refsource_VUPEN)
SSA:2010-110-01 (vendor-advisory, x_refsource_SLACKWARE)
