- Home
- CVEs with nessus.description==The remote host is affected by the vulnerability described in GLSA-201006-09 (sudo: Privilege escalation)
The command matching functionality does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for '.'.
Impact :
A local attacker with the permission to run sudoedit could, under certain circumstances, execute arbitrary commands as whichever user he has permission to run sudoedit as, typically root.
Workaround :
There is no known workaround at this time.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top