Vulnerability DatabaseCVE-2010-1163
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2010-1163
April 16, 2010
The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426.
Related Resources (30)
http://secunia.com/advisories/43068
http://www.securityfocus.com/archive/1/514489/100/0/threaded
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
https://access.redhat.com/security/cve/CVE-2010-1163
http://www.securityfocus.com/archive/1/510880/100/0/threaded
http://secunia.com/advisories/39474
http://www.vupen.com/english/advisories/2010/0895
https://exchange.xforce.ibmcloud.com/vulnerabilities/57836
http://www.vupen.com/english/advisories/2010/0881
http://www.securityfocus.com/bid/39468
http://www.mandriva.com/security/advisories?name=MDVSA-2010:078
http://www.osvdb.org/63878
http://www.vupen.com/english/advisories/2010/0949
http://wiki.rpath.com/Advisories:rPSA-2010-0075
http://www.securityfocus.com/archive/1/510827/100/0/threaded
http://www.securityfocus.com/archive/1/510846/100/0/threaded
http://www.redhat.com/support/errata/RHSA-2010-0361.html
http://www.ubuntu.com/usn/USN-928-1
http://www.vupen.com/english/advisories/2010/1019
http://www.vupen.com/english/advisories/2011/0212
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9382
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039986.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.577019
https://people.canonical.com/~ubuntu-security/cve/CVE-2010-1163
http://www.vupen.com/english/advisories/2010/0904
http://www.sudo.ws/sudo/alerts/sudoedit_escalate2.html
http://www.vupen.com/english/advisories/2010/0956
http://secunia.com/advisories/39384
http://secunia.com/advisories/39399
http://secunia.com/advisories/39543
Do you need more information?
Contact Us
CVSS v4
Base Score:
7.5
Attack Vector
LOCAL
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.4
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
CVSS v2
Base Score:
6.9
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
Weakness Type (CWE)
Improper Input Validation
CWE-20
EPSS
Base Score:
0.04