CVE
- Id: 43747
- CVE No.: CVE-2010-1163
- Status: Candidate
- Description: The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426.
- Phase: Assigned (20100329)
- Votes: None (candidate not yet proposed)
- Comments:
Related CVE References
Id | CVE Id | CVE No. | Reference | Actions |
---|---|---|---|---|
476297 | 43747 | CVE-2010-1163 | BUGTRAQ:20100420 Re: sudoedit local privilege escalation through PATH manipulation | View |
476298 | 43747 | CVE-2010-1163 | URL:http://www.securityfocus.com/archive/1/archive/1/510846/100/0/threaded | View |
476299 | 43747 | CVE-2010-1163 | BUGTRAQ:20100422 Re: sudoedit local privilege escalation through PATH manipulation | View |
476300 | 43747 | CVE-2010-1163 | URL:http://www.securityfocus.com/archive/1/archive/1/510880/100/0/threaded | View |
476301 | 43747 | CVE-2010-1163 | BUGTRAQ:20100419 sudoedit local privilege escalation through PATH manipulation | View |
476302 | 43747 | CVE-2010-1163 | URL:http://www.securityfocus.com/archive/1/archive/1/510827/100/0/threaded | View |
476303 | 43747 | CVE-2010-1163 | BUGTRAQ:20101027 rPSA-2010-0075-1 sudo | View |
476304 | 43747 | CVE-2010-1163 | URL:http://www.securityfocus.com/archive/1/archive/1/514489/100/0/threaded | View |
476305 | 43747 | CVE-2010-1163 | CONFIRM:http://www.sudo.ws/sudo/alerts/sudoedit_escalate2.html | View |
476306 | 43747 | CVE-2010-1163 | CONFIRM:http://wiki.rpath.com/Advisories:rPSA-2010-0075 | View |
476307 | 43747 | CVE-2010-1163 | FEDORA:FEDORA-2010-6756 | View |
476308 | 43747 | CVE-2010-1163 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039986.html | View |
476309 | 43747 | CVE-2010-1163 | MANDRIVA:MDVSA-2010:078 | View |
476310 | 43747 | CVE-2010-1163 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:078 | View |
476311 | 43747 | CVE-2010-1163 | REDHAT:RHSA-2010:0361 | View |
476312 | 43747 | CVE-2010-1163 | URL:http://www.redhat.com/support/errata/RHSA-2010-0361.html | View |
476313 | 43747 | CVE-2010-1163 | SLACKWARE:SSA:2010-110-01 | View |
476314 | 43747 | CVE-2010-1163 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.577019 | View |
476315 | 43747 | CVE-2010-1163 | SUSE:SUSE-SR:2011:002 | View |
476316 | 43747 | CVE-2010-1163 | URL:http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html | View |
476317 | 43747 | CVE-2010-1163 | UBUNTU:USN-928-1 | View |
476318 | 43747 | CVE-2010-1163 | URL:http://www.ubuntu.com/usn/USN-928-1 | View |
476319 | 43747 | CVE-2010-1163 | BID:39468 | View |
476320 | 43747 | CVE-2010-1163 | URL:http://www.securityfocus.com/bid/39468 | View |
476321 | 43747 | CVE-2010-1163 | OSVDB:63878 | View |
476322 | 43747 | CVE-2010-1163 | URL:http://www.osvdb.org/63878 | View |
476323 | 43747 | CVE-2010-1163 | OVAL:oval:org.mitre.oval:def:9382 | View |
476324 | 43747 | CVE-2010-1163 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9382 | View |
476325 | 43747 | CVE-2010-1163 | SECUNIA:39384 | View |
476326 | 43747 | CVE-2010-1163 | URL:http://secunia.com/advisories/39384 | View |
476327 | 43747 | CVE-2010-1163 | SECUNIA:39474 | View |
476328 | 43747 | CVE-2010-1163 | URL:http://secunia.com/advisories/39474 | View |
476329 | 43747 | CVE-2010-1163 | SECUNIA:39543 | View |
476330 | 43747 | CVE-2010-1163 | URL:http://secunia.com/advisories/39543 | View |
476331 | 43747 | CVE-2010-1163 | SECUNIA:39399 | View |
476332 | 43747 | CVE-2010-1163 | URL:http://secunia.com/advisories/39399 | View |
476333 | 43747 | CVE-2010-1163 | SECUNIA:43068 | View |
476334 | 43747 | CVE-2010-1163 | URL:http://secunia.com/advisories/43068 | View |
476335 | 43747 | CVE-2010-1163 | VUPEN:ADV-2010-0881 | View |
476336 | 43747 | CVE-2010-1163 | URL:http://www.vupen.com/english/advisories/2010/0881 | View |
476337 | 43747 | CVE-2010-1163 | VUPEN:ADV-2010-0895 | View |
476338 | 43747 | CVE-2010-1163 | URL:http://www.vupen.com/english/advisories/2010/0895 | View |
476339 | 43747 | CVE-2010-1163 | VUPEN:ADV-2010-0949 | View |
476340 | 43747 | CVE-2010-1163 | URL:http://www.vupen.com/english/advisories/2010/0949 | View |
476341 | 43747 | CVE-2010-1163 | VUPEN:ADV-2010-0956 | View |
476342 | 43747 | CVE-2010-1163 | URL:http://www.vupen.com/english/advisories/2010/0956 | View |
476343 | 43747 | CVE-2010-1163 | VUPEN:ADV-2010-1019 | View |
476344 | 43747 | CVE-2010-1163 | URL:http://www.vupen.com/english/advisories/2010/1019 | View |
476345 | 43747 | CVE-2010-1163 | VUPEN:ADV-2010-0904 | View |
476346 | 43747 | CVE-2010-1163 | URL:http://www.vupen.com/english/advisories/2010/0904 | View |
476347 | 43747 | CVE-2010-1163 | VUPEN:ADV-2011-0212 | View |
476348 | 43747 | CVE-2010-1163 | URL:http://www.vupen.com/english/advisories/2011/0212 | View |
476349 | 43747 | CVE-2010-1163 | XF:sudo-sudoefit-privilege-escalation(57836) | View |
Related JVN
Id | JVN No. | Title | Summary | CVE No. | CVE Id | CVSS_v2 | CVSS_v3 | JVN URL | Actions |
---|---|---|---|---|---|---|---|---|---|
38160 | JVNDB-2010-003945 | Denial-of-service (DoS) vulnerability in fetchmail | fetchmail contains a vulnerability in which, when debug mode is enabled, it does not properly handle invalid characters in a multi-character locale, resulting in a denial of service (memory consumption and application crash). | CVE-2010-1167 | 43747 | 4.3 | | http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-003945.html | View |