Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-1646

The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable.

Published

2010-06-07T17:12:48.123

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.2 (MEDIUM)

CVSSv2 Vector

AV:L/AC:H/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

1.9

Impact Score

10.0

Weaknesses

Type: Primary
CWE-264

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	todd_miller	sudo	1.3.1	Yes
Application	todd_miller	sudo	1.6	Yes
Application	todd_miller	sudo	1.6.1	Yes
Application	todd_miller	sudo	1.6.2	Yes
Application	todd_miller	sudo	1.6.2p1	Yes
Application	todd_miller	sudo	1.6.2p2	Yes
Application	todd_miller	sudo	1.6.2p3	Yes
Application	todd_miller	sudo	1.6.3	Yes
Application	todd_miller	sudo	1.6.3p1	Yes
Application	todd_miller	sudo	1.6.3p2	Yes
Application	todd_miller	sudo	1.6.3p3	Yes
Application	todd_miller	sudo	1.6.3p4	Yes
Application	todd_miller	sudo	1.6.3p5	Yes
Application	todd_miller	sudo	1.6.3p6	Yes
Application	todd_miller	sudo	1.6.3p7	Yes
Application	todd_miller	sudo	1.6.4	Yes
Application	todd_miller	sudo	1.6.4p1	Yes
Application	todd_miller	sudo	1.6.4p2	Yes
Application	todd_miller	sudo	1.6.5	Yes
Application	todd_miller	sudo	1.6.5p1	Yes
Application	todd_miller	sudo	1.6.5p2	Yes
Application	todd_miller	sudo	1.6.6	Yes
Application	todd_miller	sudo	1.6.7	Yes
Application	todd_miller	sudo	1.6.7p1	Yes
Application	todd_miller	sudo	1.6.7p2	Yes
Application	todd_miller	sudo	1.6.7p3	Yes
Application	todd_miller	sudo	1.6.7p4	Yes
Application	todd_miller	sudo	1.6.7p5	Yes
Application	todd_miller	sudo	1.6.8	Yes
Application	todd_miller	sudo	1.6.8p1	Yes
Application	todd_miller	sudo	1.6.8p2	Yes
Application	todd_miller	sudo	1.6.8p3	Yes
Application	todd_miller	sudo	1.6.8p4	Yes
Application	todd_miller	sudo	1.6.8p5	Yes
Application	todd_miller	sudo	1.6.8p6	Yes
Application	todd_miller	sudo	1.6.8p7	Yes
Application	todd_miller	sudo	1.6.8p8	Yes
Application	todd_miller	sudo	1.6.8p9	Yes
Application	todd_miller	sudo	1.6.8p10	Yes
Application	todd_miller	sudo	1.6.8p11	Yes
Application	todd_miller	sudo	1.6.8p12	Yes
Application	todd_miller	sudo	1.6.9	Yes
Application	todd_miller	sudo	1.6.9p1	Yes
Application	todd_miller	sudo	1.6.9p2	Yes
Application	todd_miller	sudo	1.6.9p3	Yes
Application	todd_miller	sudo	1.6.9p4	Yes
Application	todd_miller	sudo	1.6.9p5	Yes
Application	todd_miller	sudo	1.6.9p6	Yes
Application	todd_miller	sudo	1.6.9p7	Yes
Application	todd_miller	sudo	1.6.9p8	Yes
Application	todd_miller	sudo	1.6.9p9	Yes
Application	todd_miller	sudo	1.6.9p10	Yes
Application	todd_miller	sudo	1.6.9p11	Yes
Application	todd_miller	sudo	1.6.9p12	Yes
Application	todd_miller	sudo	1.6.9p13	Yes
Application	todd_miller	sudo	1.6.9p14	Yes
Application	todd_miller	sudo	1.6.9p15	Yes
Application	todd_miller	sudo	1.6.9p16	Yes
Application	todd_miller	sudo	1.6.9p17	Yes
Application	todd_miller	sudo	1.6.9p18	Yes
Application	todd_miller	sudo	1.6.9p19	Yes
Application	todd_miller	sudo	1.6.9p20	Yes
Application	todd_miller	sudo	1.6.9p21	Yes
Application	todd_miller	sudo	1.6.9p22	Yes
Application	todd_miller	sudo	1.7.0	Yes
Application	todd_miller	sudo	1.7.1	Yes
Application	todd_miller	sudo	1.7.2	Yes
Application	todd_miller	sudo	1.7.2p1	Yes
Application	todd_miller	sudo	1.7.2p2	Yes
Application	todd_miller	sudo	1.7.2p3	Yes
Application	todd_miller	sudo	1.7.2p4	Yes
Application	todd_miller	sudo	1.7.2p5	Yes
Application	todd_miller	sudo	1.7.2p6	Yes
Application	todd_miller	sudo	1.7.2p7	Yes

References

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042838.html ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043012.html ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043026.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html ([email protected])
http://secunia.com/advisories/40002 Vendor Advisory ([email protected])
http://secunia.com/advisories/40188 ([email protected])
http://secunia.com/advisories/40215 ([email protected])
http://secunia.com/advisories/40508 ([email protected])
http://secunia.com/advisories/43068 ([email protected])
http://security.gentoo.org/glsa/glsa-201009-03.xml ([email protected])
http://wiki.rpath.com/Advisories:rPSA-2010-0075 ([email protected])
http://www.debian.org/security/2010/dsa-2062 ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2010:118 ([email protected])
http://www.osvdb.org/65083 ([email protected])
http://www.redhat.com/support/errata/RHSA-2010-0475.html ([email protected])
http://www.securityfocus.com/archive/1/514489/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/40538 ([email protected])
http://www.securitytracker.com/id?1024101 ([email protected])
http://www.sudo.ws/repos/sudo/rev/3057fde43cf0 Exploit, Patch ([email protected])
http://www.sudo.ws/repos/sudo/rev/a09c6812eaec Exploit, Patch ([email protected])
http://www.sudo.ws/sudo/alerts/secure_path.html Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2010/1452 ([email protected])
http://www.vupen.com/english/advisories/2010/1478 ([email protected])
http://www.vupen.com/english/advisories/2010/1518 ([email protected])
http://www.vupen.com/english/advisories/2010/1519 ([email protected])
http://www.vupen.com/english/advisories/2011/0212 ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=598154 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10580 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7338 ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042838.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043012.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043026.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/40002 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/40188 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/40215 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/40508 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/43068 (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-201009-03.xml (af854a3a-2127-422b-91ae-364da2661108)
http://wiki.rpath.com/Advisories:rPSA-2010-0075 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2010/dsa-2062 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2010:118 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/65083 (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2010-0475.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/514489/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/40538 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1024101 (af854a3a-2127-422b-91ae-364da2661108)
http://www.sudo.ws/repos/sudo/rev/3057fde43cf0 Exploit, Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.sudo.ws/repos/sudo/rev/a09c6812eaec Exploit, Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.sudo.ws/sudo/alerts/secure_path.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/1452 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/1478 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/1518 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/1519 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0212 (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=598154 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10580 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7338 (af854a3a-2127-422b-91ae-364da2661108)