fkie_cve-2010-1646
Vulnerability from fkie_nvd
Published
2010-06-07 17:12
Modified
2025-04-11 00:51
Severity ?
Summary
The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable.
References
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2010-June/042838.html
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2010-June/043012.html
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2010-June/043026.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
secalert@redhat.comhttp://secunia.com/advisories/40002Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/40188
secalert@redhat.comhttp://secunia.com/advisories/40215
secalert@redhat.comhttp://secunia.com/advisories/40508
secalert@redhat.comhttp://secunia.com/advisories/43068
secalert@redhat.comhttp://security.gentoo.org/glsa/glsa-201009-03.xml
secalert@redhat.comhttp://wiki.rpath.com/Advisories:rPSA-2010-0075
secalert@redhat.comhttp://www.debian.org/security/2010/dsa-2062
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2010:118
secalert@redhat.comhttp://www.osvdb.org/65083
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2010-0475.html
secalert@redhat.comhttp://www.securityfocus.com/archive/1/514489/100/0/threaded
secalert@redhat.comhttp://www.securityfocus.com/bid/40538
secalert@redhat.comhttp://www.securitytracker.com/id?1024101
secalert@redhat.comhttp://www.sudo.ws/repos/sudo/rev/3057fde43cf0Exploit, Patch
secalert@redhat.comhttp://www.sudo.ws/repos/sudo/rev/a09c6812eaecExploit, Patch
secalert@redhat.comhttp://www.sudo.ws/sudo/alerts/secure_path.htmlVendor Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/1452
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/1478
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/1518
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/1519
secalert@redhat.comhttp://www.vupen.com/english/advisories/2011/0212
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=598154
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10580
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7338
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042838.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043012.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043026.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/40002Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/40188
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/40215
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/40508
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/43068
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-201009-03.xml
af854a3a-2127-422b-91ae-364da2661108http://wiki.rpath.com/Advisories:rPSA-2010-0075
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2010/dsa-2062
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2010:118
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/65083
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2010-0475.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/514489/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/40538
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1024101
af854a3a-2127-422b-91ae-364da2661108http://www.sudo.ws/repos/sudo/rev/3057fde43cf0Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://www.sudo.ws/repos/sudo/rev/a09c6812eaecExploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://www.sudo.ws/sudo/alerts/secure_path.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1452
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1478
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1518
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1519
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0212
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=598154
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10580
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7338
Impacted products
Vendor Product Version
todd_miller sudo 1.3.1
todd_miller sudo 1.6
todd_miller sudo 1.6.1
todd_miller sudo 1.6.2
todd_miller sudo 1.6.2p1
todd_miller sudo 1.6.2p2
todd_miller sudo 1.6.2p3
todd_miller sudo 1.6.3
todd_miller sudo 1.6.3p1
todd_miller sudo 1.6.3p2
todd_miller sudo 1.6.3p3
todd_miller sudo 1.6.3p4
todd_miller sudo 1.6.3p5
todd_miller sudo 1.6.3p6
todd_miller sudo 1.6.3p7
todd_miller sudo 1.6.4
todd_miller sudo 1.6.4p1
todd_miller sudo 1.6.4p2
todd_miller sudo 1.6.5
todd_miller sudo 1.6.5p1
todd_miller sudo 1.6.5p2
todd_miller sudo 1.6.6
todd_miller sudo 1.6.7
todd_miller sudo 1.6.7p1
todd_miller sudo 1.6.7p2
todd_miller sudo 1.6.7p3
todd_miller sudo 1.6.7p4
todd_miller sudo 1.6.7p5
todd_miller sudo 1.6.8
todd_miller sudo 1.6.8p1
todd_miller sudo 1.6.8p2
todd_miller sudo 1.6.8p3
todd_miller sudo 1.6.8p4
todd_miller sudo 1.6.8p5
todd_miller sudo 1.6.8p6
todd_miller sudo 1.6.8p7
todd_miller sudo 1.6.8p8
todd_miller sudo 1.6.8p9
todd_miller sudo 1.6.8p10
todd_miller sudo 1.6.8p11
todd_miller sudo 1.6.8p12
todd_miller sudo 1.6.9
todd_miller sudo 1.6.9p1
todd_miller sudo 1.6.9p2
todd_miller sudo 1.6.9p3
todd_miller sudo 1.6.9p4
todd_miller sudo 1.6.9p5
todd_miller sudo 1.6.9p6
todd_miller sudo 1.6.9p7
todd_miller sudo 1.6.9p8
todd_miller sudo 1.6.9p9
todd_miller sudo 1.6.9p10
todd_miller sudo 1.6.9p11
todd_miller sudo 1.6.9p12
todd_miller sudo 1.6.9p13
todd_miller sudo 1.6.9p14
todd_miller sudo 1.6.9p15
todd_miller sudo 1.6.9p16
todd_miller sudo 1.6.9p17
todd_miller sudo 1.6.9p18
todd_miller sudo 1.6.9p19
todd_miller sudo 1.6.9p20
todd_miller sudo 1.6.9p21
todd_miller sudo 1.6.9p22
todd_miller sudo 1.7.0
todd_miller sudo 1.7.1
todd_miller sudo 1.7.2
todd_miller sudo 1.7.2p1
todd_miller sudo 1.7.2p2
todd_miller sudo 1.7.2p3
todd_miller sudo 1.7.2p4
todd_miller sudo 1.7.2p5
todd_miller sudo 1.7.2p6
todd_miller sudo 1.7.2p7


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B7FE987-2B49-4FD5-A5A0-35129D4E60C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "976B5923-1BCC-4DE6-A904-930DD833B937",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5452DF1-0270-452D-90EB-45E9A084B94C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBFD12E6-F92E-4371-ADA7-BCD41E4C9014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.2p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE57443E-CFAA-4023-B2B0-FA0B660D7643",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.2p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D6343C1-FBC8-43E7-A8DA-EB240B958015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.2p3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EF4CB38-4033-46A1-9155-DC348261CAEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "67FDF4FB-06FA-4A10-A3CF-F52169BC8072",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6848519-57E8-4636-BE10-A0AF06787B20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A458EA77-772C-4641-A08A-5733FA386974",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3p3:*:*:*:*:*:*:*",
              "matchCriteriaId": "57B7415D-FE7F-4F67-8384-016BD6044015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3p4:*:*:*:*:*:*:*",
              "matchCriteriaId": "09429504-327B-44B3-A651-E933EADA0300",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3p5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7889BA46-0FAA-4D62-B2BB-B895060F5585",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3p6:*:*:*:*:*:*:*",
              "matchCriteriaId": "84FD9DD4-A6D0-40F4-9A8E-8E0017BE349C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3p7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B02CEAA5-8409-42AF-A4AE-58D9D16F007F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5DFC86C-7743-4F27-BC10-170F04C23D7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A3E4716-6D11-46DD-9378-3C733BBDCD8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "55799ECB-CEB1-4839-8053-4C1F071D1526",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2170CFD0-2594-45FB-B68F-0A75114F00A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.5p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6F99CB6-E185-4CE0-9E43-C5AE9017717B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.5p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2F6F9C6-85B6-450F-9165-B23C2BF83EBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "294FC65B-4225-475A-B49A-758823CEDECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6156B085-AA17-458C-AED1-D658275E43B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "147D459A-A9F2-46EF-A413-BABDBA854CE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "59310EB2-D33B-408E-87DA-31769211A3E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7p3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A23B0A74-F3D6-4993-B69C-72A3DE828E33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7p4:*:*:*:*:*:*:*",
              "matchCriteriaId": "32CE5850-4B1D-41E0-AAAE-EE2F5C1BC14A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7p5:*:*:*:*:*:*:*",
              "matchCriteriaId": "85AA3DDA-BEC4-422D-8542-3FF5C6F5FA38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6419309-385F-4525-AD4B-C73B1A3ED935",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BED4713-FC6E-4AC7-B100-8344AF4E2D2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "81B76073-DEA4-4D62-A9FD-07D3306CCCD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1DD679B-25C5-4A78-8004-F073403E4431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F95437FF-83F7-443B-9F25-8BE81884C595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p5:*:*:*:*:*:*:*",
              "matchCriteriaId": "821B0A1A-707F-4F4A-A110-3C808C275B14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D735BC1-3E87-4286-9F7D-3181064FF2C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B570E525-A024-4D41-9600-1134433786DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p8:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C00A0AF-985D-4046-893B-FE96F21C7B91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p9:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB9772A9-0C70-4539-A7B8-51288D0E1B9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p10:*:*:*:*:*:*:*",
              "matchCriteriaId": "758916CE-80D8-442E-AAE0-A128FCD69046",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p11:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCE213B0-7046-4813-8E63-D767A8E1E0C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p12:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3604EC-3109-41AF-9068-60C639557BEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE103608-6BCB-4EC0-8EB1-110A80829592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FFE8FBC-9182-49CC-B151-EE39FA4176F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF1CF6EE-3926-4A2A-BD09-84C0AA025C02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p3:*:*:*:*:*:*:*",
              "matchCriteriaId": "05E8BBC5-1D4A-47F8-AEC6-0A4C22E09AC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D741DD28-B32B-4A4D-8D73-5F2E2B17B142",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p5:*:*:*:*:*:*:*",
              "matchCriteriaId": "553C9803-F6E7-491D-AD16-9809AD010DF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2B05317-F43C-4F0A-8A15-6B6CD1413E7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF164040-2392-4E37-B9D3-5634322C908C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5D94302-8A20-4678-8B54-E448ED34674D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p9:*:*:*:*:*:*:*",
              "matchCriteriaId": "72FC2554-57A2-44D2-B3B0-F4781B4087D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p10:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CA72389-8D02-4827-9AC1-594DF3815F61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p11:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CE457DB-D4F9-4F7D-8D52-2D226F288A16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p12:*:*:*:*:*:*:*",
              "matchCriteriaId": "91A84956-0A2C-48F8-964B-3C3CE1F4B304",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p13:*:*:*:*:*:*:*",
              "matchCriteriaId": "0869E8D1-4345-4373-AE39-541A818296FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p14:*:*:*:*:*:*:*",
              "matchCriteriaId": "89DFC1E9-730F-49A5-A351-9140B89BBCBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p15:*:*:*:*:*:*:*",
              "matchCriteriaId": "521E83C8-F708-493B-9CFF-80747700B783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p16:*:*:*:*:*:*:*",
              "matchCriteriaId": "1949F9F8-2267-48FF-88DA-4E7F57AFB740",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p17:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F9EF929-C19F-488C-ACCA-57C712C8F72E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p18:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FD54E9C-3E81-4CB0-843E-A31F55DCB7A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p19:*:*:*:*:*:*:*",
              "matchCriteriaId": "B218C163-E5E3-482F-BDBD-C55E55163416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p20:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F03EF9C-D90D-425E-AC35-8DD02B7C03F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p21:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AC8D478-8554-4947-926A-8B1B27DD122D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p22:*:*:*:*:*:*:*",
              "matchCriteriaId": "64435258-4639-438E-825F-E6AA82D41745",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "643ABD1F-83E1-4B71-AA59-8CF8B4018A46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8967DE4C-3D41-4BCE-97B0-469FCFBCE332",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C0D8CB9-3156-4F7F-A616-59EF530540D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2C91B0A-44B6-4B33-A0ED-295C56D97546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "07945224-A955-4A33-B54B-11D128FCA0F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p3:*:*:*:*:*:*:*",
              "matchCriteriaId": "41F70C45-9522-4F49-A5B9-62E03410F03E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEAE0BA2-D9AC-40A3-A4DC-1E33DEE7200C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FEF4FBB-E045-43CE-A9F9-3FF7F9FE3400",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p6:*:*:*:*:*:*:*",
              "matchCriteriaId": "68372F8A-9AFD-45DE-A9B8-4CDF3154E349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p7:*:*:*:*:*:*:*",
              "matchCriteriaId": "77DC6C6B-4585-401D-B02E-E70E6157DBC2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable."
    },
    {
      "lang": "es",
      "value": "La funcionalidad de ruta de acceso segura en env.c en sudo v1.3.1 a v1.6.9p22 y v1.7.0 a v1.7.2p6 no controla correctamente un entorno que contenga m\u00faltiples variables PATH, lo que podr\u00eda permitir a usuarios locales conseguir privilegios a trav\u00e9s de un valor debidamente modificado de la \u00faltima variable de entorno PATH."
    }
  ],
  "id": "CVE-2010-1646",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 1.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-06-07T17:12:48.123",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042838.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043012.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043026.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40002"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/40188"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/40215"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/40508"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/43068"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-201009-03.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0075"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2010/dsa-2062"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:118"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.osvdb.org/65083"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0475.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/514489/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/40538"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1024101"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.sudo.ws/repos/sudo/rev/3057fde43cf0"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.sudo.ws/repos/sudo/rev/a09c6812eaec"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.sudo.ws/sudo/alerts/secure_path.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/1452"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/1478"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/1518"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/1519"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2011/0212"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=598154"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10580"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7338"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042838.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043026.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40002"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/40188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/40215"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/40508"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/43068"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201009-03.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0075"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2010/dsa-2062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:118"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/65083"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0475.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/514489/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/40538"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1024101"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.sudo.ws/repos/sudo/rev/3057fde43cf0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.sudo.ws/repos/sudo/rev/a09c6812eaec"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.sudo.ws/sudo/alerts/secure_path.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/1452"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/1478"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/1518"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/1519"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0212"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=598154"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10580"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7338"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.