CVE-2010-0426

Priority
Description
sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command
is enabled, permits a match between the name of the pseudo-command and the
name of an executable file in an arbitrary directory, which allows local
users to gain privileges via a crafted executable file, as demonstrated by
a file named sudoedit in a user's home directory.
Notes
 jdstrand> "Exploitation of the bug requires that the sudoers file be
  configured to allow the attacker to run sudoedit. If no users have been
  granted access to sudoedit there is no impact."
 jdstrand> Dapper has 1.6.8. If --secure-path is used and compiled to use
  execvp(), then sudo should not be vulnerable. Dapper is compiled with
  --secure-path and happens to use execvp()
Assigned-to
jdstrand
Package
Source: sudo (LP Ubuntu Debian)
Upstream:released (1.6.9p21, 1.7.2p4)
Patches:
Upstream:http://sudo.ws/repos/sudo/rev/88f3181692fe (1.7)
Upstream:http://sudo.ws/repos/sudo/rev/f86e1b56d074 (1.6)
More Information

Updated: 2019-03-19 11:52:25 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)