CVE-2010-1646

CWE-264 | 8 documents | 8 sources

Severity: 6.2 MEDIUM
EPSS: 0.1% (top 76.36%)
CISA KEV: Not in KEV
Exploit: No known exploits

Affected products

Timeline
Published: Jun 7
Latest update: May 14

Description

The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable.

CVSS vector

AV:L/AC:H/C:C/I:C/A:C
Exploitability: 1.9 | Impact: 10.0

Affected Packages (2 packages)

Debian: sudo < 1.7.2p7-1 +3
NVD: todd_miller/sudo, 74 versions +73

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-xww5-hh94-wcq9: The secure path feature in env (2022-05-14)
OSV: CVE-2010-1646: The secure path feature in env (2010-06-07)
CVEList: CVE-2010-1646: The secure path feature in env (2010-06-07)

📋 Vendor Advisories (3)

Ubuntu: sudo vulnerability (2010-06-30)
Red Hat: sudo: insufficient environment sanitization issue (2010-05-28)
Debian: CVE-2010-1646: sudo - The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 throug... (2010)

💬 Community (1)

Bugzilla: CVE-2010-1646 sudo: insufficient environment sanitization issue (2010-05-31)