sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory.
ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570737
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040578.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040588.html
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
http://secunia.com/advisories/38659
http://secunia.com/advisories/38762
http://secunia.com/advisories/38795
http://secunia.com/advisories/38803
http://secunia.com/advisories/38915
http://secunia.com/advisories/39399
http://securitytracker.com/id?1023658
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.577019
http://sudo.ws/bugs/show_bug.cgi?id=389
http://sudo.ws/repos/sudo/rev/88f3181692fe
http://sudo.ws/repos/sudo/rev/f86e1b56d074
http://wiki.rpath.com/Advisories:rPSA-2010-0075
http://www.debian.org/security/2010/dsa-2006
http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2010:049
http://www.securityfocus.com/archive/1/514489/100/0/threaded
http://www.securityfocus.com/bid/38362
http://www.sudo.ws/sudo/stable.html
http://www.ubuntu.com/usn/USN-905-1
http://www.vupen.com/english/advisories/2010/0450
http://www.vupen.com/english/advisories/2010/0949
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10814
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7238
OR
cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p3:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p4:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p5:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p6:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.4_p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.4_p2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.5_p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.5_p2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.7_p5:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p5:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p7:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p8:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p9:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p12:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9_p17:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9_p18:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9_p19:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.2p1:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
89740 | VMware ESX / ESXi Third-Party Libraries and Components (VMSA-2010-0009) (remote check) | Nessus | VMware ESX Local Security Checks | critical |
68033 | Oracle Linux 5 : sudo (ELSA-2010-0361) | Nessus | Oracle Linux Local Security Checks | medium |
68002 | Oracle Linux 5 : sudo (ELSA-2010-0122) | Nessus | Oracle Linux Local Security Checks | medium |
60739 | Scientific Linux Security Update : sudo on SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium |
49927 | SuSE 10 Security Update : sudo (ZYPP Patch Number 6892) | Nessus | SuSE Local Security Checks | medium |
47449 | Fedora 13 : sudo-1.7.2p6-1.fc13 (2010-6756) | Nessus | Fedora Local Security Checks | medium |
47448 | Fedora 11 : sudo-1.7.2p6-1.fc11 (2010-6749) | Nessus | Fedora Local Security Checks | medium |
47444 | Fedora 12 : sudo-1.7.2p6-1.fc12 (2010-6701) | Nessus | Fedora Local Security Checks | medium |
47313 | Fedora 11 : sudo-1.7.2p5-1.fc11 (2010-3415) | Nessus | Fedora Local Security Checks | medium |
47309 | Fedora 12 : sudo-1.7.2p5-1.fc12 (2010-3359) | Nessus | Fedora Local Security Checks | medium |
47308 | Fedora 13 : sudo-1.7.2p5-1.fc13 (2010-3352) | Nessus | Fedora Local Security Checks | medium |
46765 | VMSA-2010-0009 : ESXi ntp and ESX Service Console third-party updates | Nessus | VMware ESX Local Security Checks | critical |
46756 | CentOS 5 : sudo (CESA-2010:0361) | Nessus | CentOS Local Security Checks | medium |
46302 | RHEL 5 : sudo (RHSA-2010:0361) | Nessus | Red Hat Local Security Checks | medium |
45581 | Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 8.1 / 9.0 / 9.1 / current : sudo (SSA:2010-110-01) | Nessus | Slackware Local Security Checks | medium |
45550 | Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : sudo vulnerability (USN-928-1) | Nessus | Ubuntu Local Security Checks | medium |
45015 | SuSE 10 Security Update : sudo (ZYPP Patch Number 6891) | Nessus | SuSE Local Security Checks | medium |
45014 | SuSE 11 Security Update : sudo (SAT Patch Number 2084) | Nessus | SuSE Local Security Checks | medium |
45013 | openSUSE Security Update : sudo (sudo-2083) | Nessus | SuSE Local Security Checks | medium |
45012 | openSUSE Security Update : sudo (sudo-2083) | Nessus | SuSE Local Security Checks | medium |
45011 | openSUSE Security Update : sudo (sudo-2083) | Nessus | SuSE Local Security Checks | medium |
44971 | GLSA-201003-01 : sudo: Privilege escalation | Nessus | Gentoo Local Security Checks | medium |
44970 | Debian DSA-2006-1 : sudo - several vulnerabilities | Nessus | Debian Local Security Checks | medium |
44952 | FreeBSD : sudo -- Privilege escalation with sudoedit (018a84d0-2548-11df-b4a3-00e0815b8da8) | Nessus | FreeBSD Local Security Checks | medium |
44949 | CentOS 5 : sudo (CESA-2010:0122) | Nessus | CentOS Local Security Checks | medium |
44936 | Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : sudo vulnerabilities (USN-905-1) | Nessus | Ubuntu Local Security Checks | medium |
44924 | RHEL 5 : sudo (RHSA-2010:0122) | Nessus | Red Hat Local Security Checks | medium |
44919 | Mandriva Linux Security Advisory : sudo (MDVSA-2010:049) | Nessus | Mandriva Local Security Checks | medium |