CVE-2010-1646

EUVD-2010-1667
The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.2 UNKNOWN
LOCAL
HIGH
AV:L/AC:H/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
Affected Products (NVD)
VendorProductVersion
todd_millersudo
1.3.1
todd_millersudo
1.6
todd_millersudo
1.6.1
todd_millersudo
1.6.2
todd_millersudo
1.6.2p1:p1
todd_millersudo
1.6.2p2:p2
todd_millersudo
1.6.2p3:p3
todd_millersudo
1.6.3
todd_millersudo
1.6.3p1:p1
todd_millersudo
1.6.3p2:p2
todd_millersudo
1.6.3p3:p3
todd_millersudo
1.6.3p4:p4
todd_millersudo
1.6.3p5:p5
todd_millersudo
1.6.3p6:p6
todd_millersudo
1.6.3p7:p7
todd_millersudo
1.6.4
todd_millersudo
1.6.4p1:p1
todd_millersudo
1.6.4p2:p2
todd_millersudo
1.6.5
todd_millersudo
1.6.5p1:p1
todd_millersudo
1.6.5p2:p2
todd_millersudo
1.6.6
todd_millersudo
1.6.7
todd_millersudo
1.6.7p1:p1
todd_millersudo
1.6.7p2:p2
todd_millersudo
1.6.7p3:p3
todd_millersudo
1.6.7p4:p4
todd_millersudo
1.6.7p5:p5
todd_millersudo
1.6.8
todd_millersudo
1.6.8p1:p1
todd_millersudo
1.6.8p2:p2
todd_millersudo
1.6.8p3:p3
todd_millersudo
1.6.8p4:p4
todd_millersudo
1.6.8p5:p5
todd_millersudo
1.6.8p6:p6
todd_millersudo
1.6.8p7:p7
todd_millersudo
1.6.8p8:p8
todd_millersudo
1.6.8p9:p9
todd_millersudo
1.6.8p10:p10
todd_millersudo
1.6.8p11:p11
todd_millersudo
1.6.8p12:p12
todd_millersudo
1.6.9
todd_millersudo
1.6.9p1:p1
todd_millersudo
1.6.9p2:p2
todd_millersudo
1.6.9p3:p3
todd_millersudo
1.6.9p4:p4
todd_millersudo
1.6.9p5:p5
todd_millersudo
1.6.9p6:p6
todd_millersudo
1.6.9p7:p7
todd_millersudo
1.6.9p8:p8
todd_millersudo
1.6.9p9:p9
todd_millersudo
1.6.9p10:p10
todd_millersudo
1.6.9p11:p11
todd_millersudo
1.6.9p12:p12
todd_millersudo
1.6.9p13:p13
todd_millersudo
1.6.9p14:p14
todd_millersudo
1.6.9p15:p15
todd_millersudo
1.6.9p16:p16
todd_millersudo
1.6.9p17:p17
todd_millersudo
1.6.9p18:p18
todd_millersudo
1.6.9p19:p19
todd_millersudo
1.6.9p20:p20
todd_millersudo
1.6.9p21:p21
todd_millersudo
1.6.9p22:p22
todd_millersudo
1.7.0
todd_millersudo
1.7.1
todd_millersudo
1.7.2
todd_millersudo
1.7.2p1:p1
todd_millersudo
1.7.2p2:p2
todd_millersudo
1.7.2p3:p3
todd_millersudo
1.7.2p4:p4
todd_millersudo
1.7.2p5:p5
todd_millersudo
1.7.2p6:p6
todd_millersudo
1.7.2p7:p7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
sudo
bookworm
1.9.13p3-1+deb12u1
fixed
bullseye
1.9.5p2-3+deb11u1
fixed
bullseye (security)
1.9.5p2-3+deb11u1
fixed
sid
1.9.16-2
fixed
trixie
1.9.16-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
sudo
dapper
Fixed 1.6.8p12-1ubuntu6.3
released
hardy
Fixed 1.6.9p10-1ubuntu3.8
released
jaunty
Fixed 1.6.9p17-1ubuntu3.3
released
karmic
Fixed 1.7.0-1ubuntu2.4
released
lucid
Fixed 1.7.2p1-1ubuntu5.1
released
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042838.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043012.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043026.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://secunia.com/advisories/40002
http://secunia.com/advisories/40188
http://secunia.com/advisories/40215
http://secunia.com/advisories/40508
http://secunia.com/advisories/43068
http://security.gentoo.org/glsa/glsa-201009-03.xml
http://wiki.rpath.com/Advisories:rPSA-2010-0075
http://www.debian.org/security/2010/dsa-2062
http://www.mandriva.com/security/advisories?name=MDVSA-2010:118
http://www.osvdb.org/65083
http://www.redhat.com/support/errata/RHSA-2010-0475.html
http://www.securityfocus.com/archive/1/514489/100/0/threaded
http://www.securityfocus.com/bid/40538
http://www.securitytracker.com/id?1024101
http://www.sudo.ws/repos/sudo/rev/3057fde43cf0
http://www.sudo.ws/repos/sudo/rev/a09c6812eaec
http://www.sudo.ws/sudo/alerts/secure_path.html
http://www.vupen.com/english/advisories/2010/1452
http://www.vupen.com/english/advisories/2010/1478
http://www.vupen.com/english/advisories/2010/1518
http://www.vupen.com/english/advisories/2010/1519
http://www.vupen.com/english/advisories/2011/0212
https://bugzilla.redhat.com/show_bug.cgi?id=598154
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10580
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7338
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042838.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043012.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043026.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://secunia.com/advisories/40002
http://secunia.com/advisories/40188
http://secunia.com/advisories/40215
http://secunia.com/advisories/40508
http://secunia.com/advisories/43068
http://security.gentoo.org/glsa/glsa-201009-03.xml
http://wiki.rpath.com/Advisories:rPSA-2010-0075
http://www.debian.org/security/2010/dsa-2062
http://www.mandriva.com/security/advisories?name=MDVSA-2010:118
http://www.osvdb.org/65083
http://www.redhat.com/support/errata/RHSA-2010-0475.html
http://www.securityfocus.com/archive/1/514489/100/0/threaded
http://www.securityfocus.com/bid/40538
http://www.securitytracker.com/id?1024101
http://www.sudo.ws/repos/sudo/rev/3057fde43cf0
http://www.sudo.ws/repos/sudo/rev/a09c6812eaec
http://www.sudo.ws/sudo/alerts/secure_path.html
http://www.vupen.com/english/advisories/2010/1452
http://www.vupen.com/english/advisories/2010/1478
http://www.vupen.com/english/advisories/2010/1518
http://www.vupen.com/english/advisories/2010/1519
http://www.vupen.com/english/advisories/2011/0212
https://bugzilla.redhat.com/show_bug.cgi?id=598154
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10580
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7338