QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2010-1646

Back to search

CVE-2010-1646

Published: Jun 7, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable.

VendorProductVersions

n/a

n/a

affected
n/a

References

65083
vdb-entry
x_refsource_OSVDB
FEDORA-2010-9417
vendor-advisory
x_refsource_FEDORA
43068
third-party-advisory
x_refsource_SECUNIA
oval:org.mitre.oval:def:10580
vdb-entry
signature
x_refsource_OVAL
MDVSA-2010:118
vendor-advisory
x_refsource_MANDRIVA
ADV-2011-0212
vdb-entry
x_refsource_VUPEN
40188
third-party-advisory
x_refsource_SECUNIA
40002
third-party-advisory
x_refsource_SECUNIA
40215
third-party-advisory
x_refsource_SECUNIA
20101027 rPSA-2010-0075-1 sudo
mailing-list
x_refsource_BUGTRAQ
1024101
vdb-entry
x_refsource_SECTRACK
40538
vdb-entry
x_refsource_BID
FEDORA-2010-9415
vendor-advisory
x_refsource_FEDORA
SUSE-SR:2011:002
vendor-advisory
x_refsource_SUSE
DSA-2062
vendor-advisory
x_refsource_DEBIAN
FEDORA-2010-9402
vendor-advisory
x_refsource_FEDORA
GLSA-201009-03
vendor-advisory
x_refsource_GENTOO
ADV-2010-1478
vdb-entry
x_refsource_VUPEN
RHSA-2010:0475
vendor-advisory
x_refsource_REDHAT
oval:org.mitre.oval:def:7338
vdb-entry
signature
x_refsource_OVAL
40508
third-party-advisory
x_refsource_SECUNIA
ADV-2010-1518
vdb-entry
x_refsource_VUPEN
ADV-2010-1519
vdb-entry
x_refsource_VUPEN
ADV-2010-1452
vdb-entry
x_refsource_VUPEN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now