CVE-2010-1646
Vulnerability from cvelistv5
Published
2010-06-07 14:00
Modified
2024-08-07 01:28
Severity ?
EPSS score ?
Summary
The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:28:41.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "65083",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/65083"
},
{
"name": "FEDORA-2010-9417",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043012.html"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43068"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sudo.ws/sudo/alerts/secure_path.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sudo.ws/repos/sudo/rev/3057fde43cf0"
},
{
"name": "oval:org.mitre.oval:def:10580",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10580"
},
{
"name": "MDVSA-2010:118",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:118"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "40188",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40188"
},
{
"name": "40002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40002"
},
{
"name": "40215",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40215"
},
{
"name": "20101027 rPSA-2010-0075-1 sudo",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/514489/100/0/threaded"
},
{
"name": "1024101",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024101"
},
{
"name": "40538",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40538"
},
{
"name": "FEDORA-2010-9415",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043026.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sudo.ws/repos/sudo/rev/a09c6812eaec"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "DSA-2062",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2062"
},
{
"name": "FEDORA-2010-9402",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042838.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2010-0075"
},
{
"name": "GLSA-201009-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201009-03.xml"
},
{
"name": "ADV-2010-1478",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1478"
},
{
"name": "RHSA-2010:0475",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0475.html"
},
{
"name": "oval:org.mitre.oval:def:7338",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7338"
},
{
"name": "40508",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40508"
},
{
"name": "ADV-2010-1518",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1518"
},
{
"name": "ADV-2010-1519",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1519"
},
{
"name": "ADV-2010-1452",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1452"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=598154"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-06-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "65083",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/65083"
},
{
"name": "FEDORA-2010-9417",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043012.html"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43068"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sudo.ws/sudo/alerts/secure_path.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sudo.ws/repos/sudo/rev/3057fde43cf0"
},
{
"name": "oval:org.mitre.oval:def:10580",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10580"
},
{
"name": "MDVSA-2010:118",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:118"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "40188",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40188"
},
{
"name": "40002",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40002"
},
{
"name": "40215",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40215"
},
{
"name": "20101027 rPSA-2010-0075-1 sudo",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/514489/100/0/threaded"
},
{
"name": "1024101",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024101"
},
{
"name": "40538",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40538"
},
{
"name": "FEDORA-2010-9415",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043026.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sudo.ws/repos/sudo/rev/a09c6812eaec"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "DSA-2062",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2062"
},
{
"name": "FEDORA-2010-9402",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042838.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2010-0075"
},
{
"name": "GLSA-201009-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201009-03.xml"
},
{
"name": "ADV-2010-1478",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1478"
},
{
"name": "RHSA-2010:0475",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0475.html"
},
{
"name": "oval:org.mitre.oval:def:7338",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7338"
},
{
"name": "40508",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40508"
},
{
"name": "ADV-2010-1518",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1518"
},
{
"name": "ADV-2010-1519",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1519"
},
{
"name": "ADV-2010-1452",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1452"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=598154"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-1646",
"datePublished": "2010-06-07T14:00:00",
"dateReserved": "2010-04-29T00:00:00",
"dateUpdated": "2024-08-07T01:28:41.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2010-1646\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2010-06-07T17:12:48.123\",\"lastModified\":\"2024-11-21T01:14:52.780\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable.\"},{\"lang\":\"es\",\"value\":\"La funcionalidad de ruta de acceso segura en env.c en sudo v1.3.1 a v1.6.9p22 y v1.7.0 a v1.7.2p6 no controla correctamente un entorno que contenga m\u00faltiples variables PATH, lo que podr\u00eda permitir a usuarios locales conseguir privilegios a trav\u00e9s de un valor debidamente modificado de la \u00faltima variable de entorno PATH.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:H/Au:N/C:C/I:C/A:C\",\"baseScore\":6.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":1.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B7FE987-2B49-4FD5-A5A0-35129D4E60C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"976B5923-1BCC-4DE6-A904-930DD833B937\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5452DF1-0270-452D-90EB-45E9A084B94C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBFD12E6-F92E-4371-ADA7-BCD41E4C9014\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.2p1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE57443E-CFAA-4023-B2B0-FA0B660D7643\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.2p2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D6343C1-FBC8-43E7-A8DA-EB240B958015\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.2p3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6EF4CB38-4033-46A1-9155-DC348261CAEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67FDF4FB-06FA-4A10-A3CF-F52169BC8072\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.3p1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6848519-57E8-4636-BE10-A0AF06787B20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.3p2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A458EA77-772C-4641-A08A-5733FA386974\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.3p3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57B7415D-FE7F-4F67-8384-016BD6044015\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.3p4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09429504-327B-44B3-A651-E933EADA0300\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.3p5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7889BA46-0FAA-4D62-B2BB-B895060F5585\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.3p6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84FD9DD4-A6D0-40F4-9A8E-8E0017BE349C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.3p7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B02CEAA5-8409-42AF-A4AE-58D9D16F007F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5DFC86C-7743-4F27-BC10-170F04C23D7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.4p1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A3E4716-6D11-46DD-9378-3C733BBDCD8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.4p2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55799ECB-CEB1-4839-8053-4C1F071D1526\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2170CFD0-2594-45FB-B68F-0A75114F00A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.5p1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6F99CB6-E185-4CE0-9E43-C5AE9017717B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.5p2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2F6F9C6-85B6-450F-9165-B23C2BF83EBE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"294FC65B-4225-475A-B49A-758823CEDECD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6156B085-AA17-458C-AED1-D658275E43B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.7p1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"147D459A-A9F2-46EF-A413-BABDBA854CE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.7p2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59310EB2-D33B-408E-87DA-31769211A3E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.7p3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A23B0A74-F3D6-4993-B69C-72A3DE828E33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.7p4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32CE5850-4B1D-41E0-AAAE-EE2F5C1BC14A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.7p5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85AA3DDA-BEC4-422D-8542-3FF5C6F5FA38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6419309-385F-4525-AD4B-C73B1A3ED935\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.8p1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BED4713-FC6E-4AC7-B100-8344AF4E2D2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.8p2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81B76073-DEA4-4D62-A9FD-07D3306CCCD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.8p3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1DD679B-25C5-4A78-8004-F073403E4431\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.8p4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F95437FF-83F7-443B-9F25-8BE81884C595\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.8p5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"821B0A1A-707F-4F4A-A110-3C808C275B14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.8p6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D735BC1-3E87-4286-9F7D-3181064FF2C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.8p7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B570E525-A024-4D41-9600-1134433786DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.8p8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C00A0AF-985D-4046-893B-FE96F21C7B91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.8p9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB9772A9-0C70-4539-A7B8-51288D0E1B9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.8p10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"758916CE-80D8-442E-AAE0-A128FCD69046\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.8p11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCE213B0-7046-4813-8E63-D767A8E1E0C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.8p12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD3604EC-3109-41AF-9068-60C639557BEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE103608-6BCB-4EC0-8EB1-110A80829592\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.9p1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FFE8FBC-9182-49CC-B151-EE39FA4176F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.9p2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF1CF6EE-3926-4A2A-BD09-84C0AA025C02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.9p3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05E8BBC5-1D4A-47F8-AEC6-0A4C22E09AC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.9p4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D741DD28-B32B-4A4D-8D73-5F2E2B17B142\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.9p5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"553C9803-F6E7-491D-AD16-9809AD010DF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.9p6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2B05317-F43C-4F0A-8A15-6B6CD1413E7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.9p7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF164040-2392-4E37-B9D3-5634322C908C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.9p8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5D94302-8A20-4678-8B54-E448ED34674D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.9p9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72FC2554-57A2-44D2-B3B0-F4781B4087D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.9p10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CA72389-8D02-4827-9AC1-594DF3815F61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.9p11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CE457DB-D4F9-4F7D-8D52-2D226F288A16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.9p12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91A84956-0A2C-48F8-964B-3C3CE1F4B304\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.9p13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0869E8D1-4345-4373-AE39-541A818296FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.9p14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89DFC1E9-730F-49A5-A351-9140B89BBCBC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.9p15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"521E83C8-F708-493B-9CFF-80747700B783\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.9p16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1949F9F8-2267-48FF-88DA-4E7F57AFB740\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.9p17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F9EF929-C19F-488C-ACCA-57C712C8F72E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.9p18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FD54E9C-3E81-4CB0-843E-A31F55DCB7A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.9p19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B218C163-E5E3-482F-BDBD-C55E55163416\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.9p20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F03EF9C-D90D-425E-AC35-8DD02B7C03F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.9p21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AC8D478-8554-4947-926A-8B1B27DD122D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.9p22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64435258-4639-438E-825F-E6AA82D41745\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"643ABD1F-83E1-4B71-AA59-8CF8B4018A46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8967DE4C-3D41-4BCE-97B0-469FCFBCE332\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C0D8CB9-3156-4F7F-A616-59EF530540D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.7.2p1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2C91B0A-44B6-4B33-A0ED-295C56D97546\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.7.2p2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07945224-A955-4A33-B54B-11D128FCA0F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.7.2p3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41F70C45-9522-4F49-A5B9-62E03410F03E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.7.2p4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEAE0BA2-D9AC-40A3-A4DC-1E33DEE7200C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.7.2p5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FEF4FBB-E045-43CE-A9F9-3FF7F9FE3400\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.7.2p6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68372F8A-9AFD-45DE-A9B8-4CDF3154E349\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.7.2p7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77DC6C6B-4585-401D-B02E-E70E6157DBC2\"}]}]}],\"references\":[{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042838.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043012.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043026.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/40002\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/40188\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/40215\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/40508\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/43068\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-201009-03.xml\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://wiki.rpath.com/Advisories:rPSA-2010-0075\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2010/dsa-2062\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:118\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.osvdb.org/65083\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0475.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/514489/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/40538\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id?1024101\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.sudo.ws/repos/sudo/rev/3057fde43cf0\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.sudo.ws/repos/sudo/rev/a09c6812eaec\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.sudo.ws/sudo/alerts/secure_path.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1452\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1478\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1518\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1519\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0212\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=598154\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10580\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7338\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042838.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043012.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043026.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/40002\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/40188\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/40215\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/40508\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/43068\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-201009-03.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://wiki.rpath.com/Advisories:rPSA-2010-0075\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2010/dsa-2062\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:118\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/65083\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0475.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/514489/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/40538\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1024101\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.sudo.ws/repos/sudo/rev/3057fde43cf0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.sudo.ws/repos/sudo/rev/a09c6812eaec\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.sudo.ws/sudo/alerts/secure_path.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1452\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1478\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1518\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1519\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0212\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=598154\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10580\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7338\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.