CVE-2010-0426

CWE-26411 documents8 sources

Severity

6.9MEDIUM

EPSS

0.8%

top 26.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Todd Miller Sudo

Timeline

PublishedFeb 24

Latest updateMay 3

Description

sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages2 packages

▶Debiansudo< 1.7.2p1-1.2+3

▶NVDtodd_miller/sudo32 versions+31

Patches

Patch: ftp.sudo.ws ↗Patch: www.securityfocus.com ↗Patch: www.sudo.ws ↗

🔴Vulnerability Details

GHSA

GHSA-9j25-f2ww-m5pf: sudo 1↗2022-05-03

▶

OSV

CVE-2010-0426: sudo 1↗2010-02-24

▶

CVEList

CVE-2010-0426: sudo 1↗2010-02-24

▶

📋Vendor Advisories

Red Hat

sudo: incomplete fix for the sudoedit privilege escalation issue CVE-2010-0426↗2010-04-13

▶

Ubuntu

sudo vulnerabilities↗2010-02-26

▶

Red Hat

sudo: sudoedit option can possibly allow for arbitrary code execution↗2010-02-21

▶

Debian

CVE-2010-0426: sudo - sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is en...↗2010

▶

💬Community

Bugzilla

CVE-2010-1163 sudo: incomplete fix for the sudoedit privilege escalation issue CVE-2010-0426↗2010-04-08

▶

Bugzilla

CVE-2010-0426 sudo: sudoedit option can possibly allow for arbitrary code execution [Fedora all]↗2010-02-23

▶

Bugzilla

CVE-2010-0426 sudo: sudoedit option can possibly allow for arbitrary code execution↗2010-02-22

▶