The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426.
2010-04-16T19:30:00.523
2025-04-11T00:51:21.963
Deferred
CVSSv2: 6.9 (MEDIUM)
AV:L/AC:M/Au:N/C:C/I:C/A:C
3.4
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | todd_miller | sudo | 1.6.8 | Yes |
| Application | todd_miller | sudo | 1.6.8_p1 | Yes |
| Application | todd_miller | sudo | 1.6.8_p2 | Yes |
| Application | todd_miller | sudo | 1.6.8_p5 | Yes |
| Application | todd_miller | sudo | 1.6.8_p7 | Yes |
| Application | todd_miller | sudo | 1.6.8_p8 | Yes |
| Application | todd_miller | sudo | 1.6.8_p9 | Yes |
| Application | todd_miller | sudo | 1.6.8_p12 | Yes |
| Application | todd_miller | sudo | 1.6.8p7 | Yes |
| Application | todd_miller | sudo | 1.6.9_p17 | Yes |
| Application | todd_miller | sudo | 1.6.9_p18 | Yes |
| Application | todd_miller | sudo | 1.6.9_p19 | Yes |
| Application | todd_miller | sudo | 1.6.9_p20 | Yes |
| Application | todd_miller | sudo | 1.6.9_p21 | Yes |
| Application | todd_miller | sudo | 1.6.9_p22 | Yes |
| Application | todd_miller | sudo | 1.7.0 | Yes |
| Application | todd_miller | sudo | 1.7.1 | Yes |
| Application | todd_miller | sudo | 1.7.2p1 | Yes |
| Application | todd_miller | sudo | 1.7.2p2 | Yes |
| Application | todd_miller | sudo | 1.7.2p3 | Yes |
| Application | todd_miller | sudo | 1.7.2p4 | Yes |