CVE-2010-0426

MEDIUM

Description

sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory.

References

ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570737

http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040578.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040588.html

http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html

http://secunia.com/advisories/38659

http://secunia.com/advisories/38762

http://secunia.com/advisories/38795

http://secunia.com/advisories/38803

http://secunia.com/advisories/38915

http://secunia.com/advisories/39399

http://securitytracker.com/id?1023658

http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.577019

http://sudo.ws/bugs/show_bug.cgi?id=389

http://sudo.ws/repos/sudo/rev/88f3181692fe

http://sudo.ws/repos/sudo/rev/f86e1b56d074

http://wiki.rpath.com/Advisories:rPSA-2010-0075

http://www.debian.org/security/2010/dsa-2006

http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml

http://www.linuxquestions.org/questions/linux-security-4/the-use-of-sudoedit-command-question-785442/

http://www.mandriva.com/security/advisories?name=MDVSA-2010:049

http://www.securityfocus.com/archive/1/514489/100/0/threaded

http://www.securityfocus.com/bid/38362

http://www.sudo.ws/sudo/stable.html

http://www.ubuntu.com/usn/USN-905-1

http://www.vupen.com/english/advisories/2010/0450

http://www.vupen.com/english/advisories/2010/0949

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10814

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7238

Details

Source: MITRE

Published: 2010-02-24

Updated: 2018-10-10

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 6.9

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.4

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.3_p1:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.3_p2:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.3_p3:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.3_p4:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.3_p5:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.3_p6:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.4_p1:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.4_p2:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.5_p1:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.5_p2:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.7_p5:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.8_p1:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.8_p2:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.8_p5:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.8_p7:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.8_p8:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.8_p9:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.8_p12:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.9_p17:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.9_p18:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.9_p19:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.2p1:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.2p2:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.2p3:*:*:*:*:*:*:*

Tenable Plugins

View all (28 total)

IDNameProductFamilySeverity
89740VMware ESX / ESXi Third-Party Libraries and Components (VMSA-2010-0009) (remote check)NessusVMware ESX Local Security Checks
critical
68033Oracle Linux 5 : sudo (ELSA-2010-0361)NessusOracle Linux Local Security Checks
medium
68002Oracle Linux 5 : sudo (ELSA-2010-0122)NessusOracle Linux Local Security Checks
medium
60739Scientific Linux Security Update : sudo on SL5.x i386/x86_64NessusScientific Linux Local Security Checks
medium
49927SuSE 10 Security Update : sudo (ZYPP Patch Number 6892)NessusSuSE Local Security Checks
medium
47449Fedora 13 : sudo-1.7.2p6-1.fc13 (2010-6756)NessusFedora Local Security Checks
medium
47448Fedora 11 : sudo-1.7.2p6-1.fc11 (2010-6749)NessusFedora Local Security Checks
medium
47444Fedora 12 : sudo-1.7.2p6-1.fc12 (2010-6701)NessusFedora Local Security Checks
medium
47313Fedora 11 : sudo-1.7.2p5-1.fc11 (2010-3415)NessusFedora Local Security Checks
medium
47309Fedora 12 : sudo-1.7.2p5-1.fc12 (2010-3359)NessusFedora Local Security Checks
medium
47308Fedora 13 : sudo-1.7.2p5-1.fc13 (2010-3352)NessusFedora Local Security Checks
medium
46765VMSA-2010-0009 : ESXi ntp and ESX Service Console third-party updatesNessusVMware ESX Local Security Checks
critical
46756CentOS 5 : sudo (CESA-2010:0361)NessusCentOS Local Security Checks
medium
46302RHEL 5 : sudo (RHSA-2010:0361)NessusRed Hat Local Security Checks
medium
45581Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 8.1 / 9.0 / 9.1 / current : sudo (SSA:2010-110-01)NessusSlackware Local Security Checks
medium
45550Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : sudo vulnerability (USN-928-1)NessusUbuntu Local Security Checks
medium
45015SuSE 10 Security Update : sudo (ZYPP Patch Number 6891)NessusSuSE Local Security Checks
medium
45014SuSE 11 Security Update : sudo (SAT Patch Number 2084)NessusSuSE Local Security Checks
medium
45013openSUSE Security Update : sudo (sudo-2083)NessusSuSE Local Security Checks
medium
45012openSUSE Security Update : sudo (sudo-2083)NessusSuSE Local Security Checks
medium
45011openSUSE Security Update : sudo (sudo-2083)NessusSuSE Local Security Checks
medium
44971GLSA-201003-01 : sudo: Privilege escalationNessusGentoo Local Security Checks
medium
44970Debian DSA-2006-1 : sudo - several vulnerabilitiesNessusDebian Local Security Checks
medium
44952FreeBSD : sudo -- Privilege escalation with sudoedit (018a84d0-2548-11df-b4a3-00e0815b8da8)NessusFreeBSD Local Security Checks
medium
44949CentOS 5 : sudo (CESA-2010:0122)NessusCentOS Local Security Checks
medium
44936Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : sudo vulnerabilities (USN-905-1)NessusUbuntu Local Security Checks
medium
44924RHEL 5 : sudo (RHSA-2010:0122)NessusRed Hat Local Security Checks
medium
44919Mandriva Linux Security Advisory : sudo (MDVSA-2010:049)NessusMandriva Local Security Checks
medium