CVE-2010-0426
24.02.2010, 18:30
sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory.Enginsight
Vendor | Product | Version |
---|---|---|
todd_miller | sudo | 1.6 |
todd_miller | sudo | 1.6.1 |
todd_miller | sudo | 1.6.2 |
todd_miller | sudo | 1.6.3 |
todd_miller | sudo | 1.6.3_p1 |
todd_miller | sudo | 1.6.3_p2 |
todd_miller | sudo | 1.6.3_p3 |
todd_miller | sudo | 1.6.3_p4 |
todd_miller | sudo | 1.6.3_p5 |
todd_miller | sudo | 1.6.3_p6 |
todd_miller | sudo | 1.6.3_p7 |
todd_miller | sudo | 1.6.4_p1 |
todd_miller | sudo | 1.6.4_p2 |
todd_miller | sudo | 1.6.5_p1 |
todd_miller | sudo | 1.6.5_p2 |
todd_miller | sudo | 1.6.7_p5 |
todd_miller | sudo | 1.6.8_p1 |
todd_miller | sudo | 1.6.8_p2 |
todd_miller | sudo | 1.6.8_p5 |
todd_miller | sudo | 1.6.8_p7 |
todd_miller | sudo | 1.6.8_p8 |
todd_miller | sudo | 1.6.8_p9 |
todd_miller | sudo | 1.6.8_p12 |
todd_miller | sudo | 1.6.9_p17 |
todd_miller | sudo | 1.6.9_p18 |
todd_miller | sudo | 1.6.9_p19 |
todd_miller | sudo | 1.7.0 |
todd_miller | sudo | 1.7.1 |
todd_miller | sudo | 1.7.2 |
todd_miller | sudo | 1.7.2p1 |
todd_miller | sudo | 1.7.2p2 |
todd_miller | sudo | 1.7.2p3 |
𝑥
= Vulnerable software versions

Debian Releases

Ubuntu Releases
Common Weakness Enumeration
References