seeing is believing
Showing 1 - 4 of 4 RSS Feed

CVE-2010-1163

Status Candidate

Overview

The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426.

Related Files

Gentoo Linux Security Advisory 201006-9
Posted Jun 2, 2010
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201006-9 - A flaw in sudo's -e option may allow local attackers to execute arbitrary commands. The command matching functionality does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for a period. Versions less than 1.7.2_p6 are affected.

tags | advisory, arbitrary, local
systems | linux, gentoo
advisories | CVE-2010-1163
MD5 | 221eaa6c86db933a942b28c7d526dd58
Mandriva Linux Security Advisory 2010-078
Posted Apr 28, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-078 - The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ., which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. Packages for 2009.0 are provided due to the Extended Maintenance Program.

tags | advisory, arbitrary, local, trojan
systems | linux, mandriva
advisories | CVE-2010-1163
MD5 | 2344824ca6cfa27865431ec8d854428a
Sudo 1.7.2p5 Local Privilege Escalation
Posted Apr 20, 2010
Authored by Maurizio Agazzini, Valerio Costamagna | Site lab.mediaservice.net

sudoedit as found in sudo versions 1.7.2p5 and below fails to verify the path of the executable and therefore allows for an easy to exploit local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2010-1163
MD5 | 9b4e6b76c052c87f529fda87d785353d
Mandriva Linux Security Advisory 2010-078
Posted Apr 19, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-078 - The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for., which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.

tags | advisory, arbitrary, local, trojan
systems | linux, mandriva
advisories | CVE-2010-1163
MD5 | f4d40abdd936ea4b09edc11985ec3f49
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close