JVN/CVE Demo: Cveinfos

CVE

Id: 43010
CVE No.: CVE-2010-0426
Status: Candidate
Description: sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user"s home directory.
Phase: Assigned (20100127)
Votes: None (candidate not yet proposed)
Comments

Actions

Related CVE References

Id	CVE Id	CVE No.	Reference	Actions
468959	43010	CVE-2010-0426	BUGTRAQ:20101027 rPSA-2010-0075-1 sudo	View
468960	43010	CVE-2010-0426	URL:http://www.securityfocus.com/archive/1/archive/1/514489/100/0/threaded	View
468961	43010	CVE-2010-0426	MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570737	View
468962	43010	CVE-2010-0426	MISC:http://www.linuxquestions.org/questions/linux-security-4/the-use-of-sudoedit-command-question-785442/	View
468963	43010	CVE-2010-0426	CONFIRM:ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz	View
468964	43010	CVE-2010-0426	CONFIRM:http://sudo.ws/bugs/show_bug.cgi?id=389	View
468965	43010	CVE-2010-0426	CONFIRM:http://sudo.ws/repos/sudo/rev/88f3181692fe	View
468966	43010	CVE-2010-0426	CONFIRM:http://sudo.ws/repos/sudo/rev/f86e1b56d074	View
468967	43010	CVE-2010-0426	CONFIRM:http://www.sudo.ws/sudo/stable.html	View
468968	43010	CVE-2010-0426	CONFIRM:http://wiki.rpath.com/Advisories:rPSA-2010-0075	View
468969	43010	CVE-2010-0426	DEBIAN:DSA-2006	View
468970	43010	CVE-2010-0426	URL:http://www.debian.org/security/2010/dsa-2006	View
468971	43010	CVE-2010-0426	FEDORA:FEDORA-2010-6701	View
468972	43010	CVE-2010-0426	URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040578.html	View
468973	43010	CVE-2010-0426	FEDORA:FEDORA-2010-6749	View
468974	43010	CVE-2010-0426	URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040588.html	View
468975	43010	CVE-2010-0426	GENTOO:GLSA-201003-01	View
468976	43010	CVE-2010-0426	URL:http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml	View
468977	43010	CVE-2010-0426	MANDRIVA:MDVSA-2010:049	View
468978	43010	CVE-2010-0426	URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:049	View
468979	43010	CVE-2010-0426	SLACKWARE:SSA:2010-110-01	View
468980	43010	CVE-2010-0426	URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.577019	View
468981	43010	CVE-2010-0426	SUSE:SUSE-SR:2010:006	View
468982	43010	CVE-2010-0426	URL:http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html	View
468983	43010	CVE-2010-0426	UBUNTU:USN-905-1	View
468984	43010	CVE-2010-0426	URL:http://www.ubuntu.com/usn/USN-905-1	View
468985	43010	CVE-2010-0426	BID:38362	View
468986	43010	CVE-2010-0426	URL:http://www.securityfocus.com/bid/38362	View
468987	43010	CVE-2010-0426	OVAL:oval:org.mitre.oval:def:10814	View
468988	43010	CVE-2010-0426	URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10814	View
468989	43010	CVE-2010-0426	OVAL:oval:org.mitre.oval:def:7238	View
468990	43010	CVE-2010-0426	URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7238	View
468991	43010	CVE-2010-0426	SECTRACK:1023658	View
468992	43010	CVE-2010-0426	URL:http://securitytracker.com/id?1023658	View
468993	43010	CVE-2010-0426	SECUNIA:38659	View
468994	43010	CVE-2010-0426	URL:http://secunia.com/advisories/38659	View
468995	43010	CVE-2010-0426	SECUNIA:38915	View
468996	43010	CVE-2010-0426	URL:http://secunia.com/advisories/38915	View
468997	43010	CVE-2010-0426	SECUNIA:38795	View
468998	43010	CVE-2010-0426	URL:http://secunia.com/advisories/38795	View
468999	43010	CVE-2010-0426	SECUNIA:38803	View
469000	43010	CVE-2010-0426	URL:http://secunia.com/advisories/38803	View
469001	43010	CVE-2010-0426	SECUNIA:39399	View
469002	43010	CVE-2010-0426	URL:http://secunia.com/advisories/39399	View
469003	43010	CVE-2010-0426	SECUNIA:38762	View
469004	43010	CVE-2010-0426	URL:http://secunia.com/advisories/38762	View
469005	43010	CVE-2010-0426	VUPEN:ADV-2010-0450	View
469006	43010	CVE-2010-0426	URL:http://www.vupen.com/english/advisories/2010/0450	View
469007	43010	CVE-2010-0426	VUPEN:ADV-2010-0949	View

Related JVN

Id	JVN No.	Title	Summary	CVE No.	CVE Id	CVSS_v2	CVSS_v3	JVN URL	Actions
39870	JVNDB-2010-005655	Red Hat Enterprise Virtualization Hypervisor などの製品で使用される libspice における任意の QEMU メモリを読まれるまたは書き込まれる脆弱性	Red Hat Enterprise Virtualization Hypervisor (別名 RHEV-H または rhev-hypervisor) の QEMU-KVM およびその他の製品で使用される libspice には、任意の QEMU メモリを読まれるまたは書き込まれる脆弱性が存在します。	CVE-2010-0430	43010	7.4		http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-005655.html	View

Message	Memory use
Component initialization	1.39 MB
Controller action start	1.49 MB
Controller render start	2.33 MB
View render complete	2.81 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	3.11
Event: Controller.initialize	0.02
Event: Controller.startup	0.06
Controller action	652.53
Event: Controller.beforeRender	5.35
» Processing toolbar data	5.25
Rendering View	17.37
» Event: View.beforeRender	0.02
» Rendering APP/View/Cveinfos/view.ctp	16.03
» Event: View.afterRender	0.02
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	0.85
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	0.10
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Http Connection	close
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/cveinfos/view/43010
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/cveinfos/view/43010
Remote Port	1527
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	3.16.81.94
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http Cookie	advanced-frontend=vk5j5k9ea71pjvkliuftjqkd24
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
X Dostranslated Ip	3.16.81.94
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	3.16.81.94
Unique Id	aB3RJZ2at2BfQuim_V_SxAAAAUQ
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect X Dostranslated Ip	3.16.81.94
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	3.16.81.94
Redirect Unique Id	aB3RJZ2at2BfQuim_V_SxAAAAUQ
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect X Dostranslated Ip	3.16.81.94
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	3.16.81.94
Redirect Redirect Unique Id	aB3RJZ2at2BfQuim_V_SxAAAAUQ
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1746784549.3305
Request Time	1746784549

CVE

Actions

Related CVE References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files