CVE-2010-1646

medium

Description

The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable.

References

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042838.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043012.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043026.html

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

http://secunia.com/advisories/40002

http://secunia.com/advisories/40188

http://secunia.com/advisories/40215

http://secunia.com/advisories/40508

http://secunia.com/advisories/43068

http://security.gentoo.org/glsa/glsa-201009-03.xml

http://wiki.rpath.com/Advisories:rPSA-2010-0075

http://www.debian.org/security/2010/dsa-2062

http://www.mandriva.com/security/advisories?name=MDVSA-2010:118

http://www.osvdb.org/65083

http://www.redhat.com/support/errata/RHSA-2010-0475.html

http://www.securityfocus.com/archive/1/514489/100/0/threaded

http://www.securityfocus.com/bid/40538

http://www.securitytracker.com/id?1024101

http://www.sudo.ws/repos/sudo/rev/3057fde43cf0

http://www.sudo.ws/repos/sudo/rev/a09c6812eaec

http://www.sudo.ws/sudo/alerts/secure_path.html

http://www.vupen.com/english/advisories/2010/1452

http://www.vupen.com/english/advisories/2010/1478

http://www.vupen.com/english/advisories/2010/1518

http://www.vupen.com/english/advisories/2010/1519

http://www.vupen.com/english/advisories/2011/0212

https://bugzilla.redhat.com/show_bug.cgi?id=598154

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10580

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7338

Details

Source: MITRE

Published: 2010-06-07

Updated: 2018-10-10

Type: CWE-264

Risk Information

CVSS v2

Base Score: 6.2

Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 1.9

Severity: MEDIUM

Vulnerable Software

Configuration 1 (any one of the following CPEs matches)

cpe:2.3:a:todd_miller:sudo:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.2p1:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.2p2:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.2p3:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.3p1:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.3p2:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.3p3:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.3p4:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.3p5:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.3p6:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.3p7:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.4:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.4p1:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.4p2:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.5p1:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.5p2:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.7p1:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.7p2:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.7p3:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.7p4:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.7p5:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.8p1:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.8p2:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.8p3:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.8p4:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.8p5:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.8p6:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.8p7:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.8p8:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.8p9:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.8p10:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.8p11:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.8p12:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.9:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.9p1:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.9p2:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.9p3:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.9p4:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.9p5:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.9p6:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.9p7:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.9p8:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.9p9:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.9p10:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.9p11:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.9p12:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.9p13:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.9p14:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.9p15:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.9p16:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.9p17:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.9p18:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.9p19:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.9p20:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.9p21:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.9p22:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.2p1:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.2p2:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.2p3:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.2p4:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.2p5:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.2p6:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.2p7:*:*:*:*:*:*:*

Tenable Plugins

16 plugins total

ID    | Name                                                                                  | Product | Family                                 | Severity
------|---------------------------------------------------------------------------------------|---------|----------------------------------------|---------
89742 | VMware ESX Multiple Vulnerabilities (VMSA-2010-0015) (remote check)                    | Nessus  | VMware ESX Local Security Checks       | critical
75751 | openSUSE Security Update : sudo (openSUSE-SU-2011:0050-1)                             | Nessus  | SuSE Local Security Checks             | medium
68050 | Oracle Linux 5 : sudo (ELSA-2010-0475)                                                | Nessus  | Oracle Linux Local Security Checks     | medium
60803 | Scientific Linux Security Update : sudo on SL5.x i386/x86_64                          | Nessus  | Scientific Linux Local Security Checks | medium
53801 | openSUSE Security Update : sudo (openSUSE-SU-2011:0050-1)                             | Nessus  | SuSE Local Security Checks             | medium
49703 | VMSA-2010-0015 : VMware ESX third-party updates for Service Console                   | Nessus  | VMware ESX Local Security Checks       | critical
49124 | GLSA-201009-03 : sudo: Privilege Escalation                                           | Nessus  | Gentoo Local Security Checks           | medium
47575 | Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : sudo vulnerability (USN-956-1) | Nessus  | Ubuntu Local Security Checks           | medium
47533 | Fedora 11 : sudo-1.7.2p6-2.fc11 (2010-9417)                                           | Nessus  | Fedora Local Security Checks           | medium
47532 | Fedora 12 : sudo-1.7.2p6-2.fc12 (2010-9415)                                           | Nessus  | Fedora Local Security Checks           | medium
47531 | Fedora 13 : sudo-1.7.2p6-2.fc13 (2010-9402)                                           | Nessus  | Fedora Local Security Checks           | medium
47104 | Debian DSA-2062-1 : sudo - missing input sanitization                                 | Nessus  | Debian Local Security Checks           | medium
47041 | Mandriva Linux Security Advisory : sudo (MDVSA-2010:118)                              | Nessus  | Mandriva Local Security Checks         | medium
47032 | CentOS 5 : sudo (CESA-2010:0475)                                                      | Nessus  | CentOS Local Security Checks           | medium
47027 | RHEL 5 : sudo (RHSA-2010:0475)                                                        | Nessus  | Red Hat Local Security Checks          | medium
46792 | FreeBSD : sudo -- Secure path vulnerability (d42e5b66-6ea0-11df-9c8d-00e0815b8da8)    | Nessus  | FreeBSD Local Security Checks          | medium