CVE-2010-0426

Published: 24/02/2010 Updated: 10/10/2018
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
VMScore: 615
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

sudo 1.6.x prior to 1.6.9p21 and 1.7.x prior to 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory.

Vulnerable Product

todd miller sudo 1.6.1

todd miller sudo 1.6.2

todd miller sudo 1.6.3_p6

todd miller sudo 1.6.3_p7

todd miller sudo 1.6.8_p12

todd miller sudo 1.6.8_p2

todd miller sudo 1.6.8_p5

todd miller sudo 1.7.0

todd miller sudo 1.7.1

todd miller sudo 1.6.3

todd miller sudo 1.6.3_p1

todd miller sudo 1.6.4_p1

todd miller sudo 1.6.4_p2

todd miller sudo 1.6.8_p7

todd miller sudo 1.6.8_p8

todd miller sudo 1.7.2

todd miller sudo 1.7.2p1

todd miller sudo 1.6

todd miller sudo 1.6.3_p4

todd miller sudo 1.6.3_p5

todd miller sudo 1.6.7_p5

todd miller sudo 1.6.8_p1

todd miller sudo 1.6.9_p18

todd miller sudo 1.6.9_p19

todd miller sudo 1.6.3_p2

todd miller sudo 1.6.3_p3

todd miller sudo 1.6.5_p1

todd miller sudo 1.6.5_p2

todd miller sudo 1.6.8_p9

todd miller sudo 1.6.9_p17

todd miller sudo 1.7.2p2

todd miller sudo 1.7.2p3

Vendor Advisories

Synopsis Important: sudo security update Type/Severity Security Advisory: Important Topic An updated sudo package that fixes two security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Descri ...

Synopsis Moderate: sudo security update Type/Severity Security Advisory: Moderate Topic An updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scor ...

Debian Bug report logs - #578275 CVE-2010-1163: incomplete fix for the sudoedit privilege escalation issue CVE-2010-0426 Package: sudo; Maintainer for sudo is Bdale Garbee <bdale@gag.com>; Source for sudo is src:sudo (PTS, buildd, popcon) Reported by: Luciano Bello <luciano@debian.org> Date: Sun, 18 Apr 2010 15:21:01 ...

Debian Bug report logs - #570737 sudoedit permission in sudoers grants permission to any sudoedit executables Package: sudo; Maintainer for sudo is Bdale Garbee <bdale@gag.com>; Source for sudo is src:sudo (PTS, buildd, popcon) Reported by: neonsignal-debian@memepress.org Date: Sun, 21 Feb 2010 03:33:02 UTC Severity: grav ...

Valerio Costamagna discovered that sudo did not properly validate the path for the ‘sudoedit’ pseudo-command when the PATH contained only a dot (‘.’). If secure_path and ignore_dot were disabled, a local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. By default, se ...

It was discovered that sudo did not properly validate the path for the ‘sudoedit’ pseudo-command. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. The sudoedit pseudo-command is not used in the default installation of Ubuntu. (CVE-2010-0426) ...

Several vulnerabilities have been discovered in sudo, a program designed to allow a sysadmin to give limited root privileges to users. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0426: It was discovered that sudo, when a pseudo-command is enabled, permits a match between the name of the pseudo-command ...

Exploits

sudoedit as found in sudo versions 1.7.2p5 and below fails to verify the path of the executable and therefore allows for an easy-to-exploit local privilege escalation vulnerability ...

Github Repositories

sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4 - Privilege escalation with sudo and sudoedit

CVE-2010-0426 www.cvedetails.com/cve/CVE-2010-0426/ sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit

Sudo 1.6.x <= 1.6.9p21 and 1.7.x <= 1.7.2p4 Local Privilege Escalation and vulnerable container

Sudo 1.6.x <= 1.6.9p21 and 1.7.x <= 1.7.2p4 Local Privilege Escalation. Sudo (su "do") allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments. Vulnerable environment: To set up a vulnerable environment for your test you will need Docker installed, and ju

cve-2010-0426

CVE-2010-0426. This is part of Cved: a tool to manage vulnerable docker containers. Cved: github.com/git-rep-src/cved Image source: github.com/cved-sources/cve-2010-0426 Image author: github.com/t0kx/privesc-CVE-2010-0426

References

CWE-264
ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz
http://www.sudo.ws/sudo/stable.html
http://sudo.ws/repos/sudo/rev/88f3181692fe
http://www.vupen.com/english/advisories/2010/0450
http://www.securityfocus.com/bid/38362
http://www.linuxquestions.org/questions/linux-security-4/the-use-of-sudoedit-command-question-785442/
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570737
http://secunia.com/advisories/38659
http://sudo.ws/repos/sudo/rev/f86e1b56d074
http://sudo.ws/bugs/show_bug.cgi?id=389
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
http://secunia.com/advisories/38915
http://secunia.com/advisories/38795
http://www.ubuntu.com/usn/USN-905-1
http://www.mandriva.com/security/advisories?name=MDVSA-2010:049
http://securitytracker.com/id?1023658
http://secunia.com/advisories/38803
http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml
http://secunia.com/advisories/39399
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.577019
http://www.vupen.com/english/advisories/2010/0949
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040588.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040578.html
http://www.debian.org/security/2010/dsa-2006
http://secunia.com/advisories/38762
http://wiki.rpath.com/Advisories:rPSA-2010-0075
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7238
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10814
http://www.securityfocus.com/archive/1/514489/100/0/threaded
https://access.redhat.com/errata/RHSA-2010:0122
https://nvd.nist.gov
https://usn.ubuntu.com/928-1/