CVE-2010-1163

Publication date 16 April 2010

Last updated 24 July 2024


Ubuntu priority

The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426.
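The description above names two conditions that have to coincide on a host: a PATH that contains "." (or an empty entry, which the shell treats the same way) and a sudo configuration that neither ignores dot entries nor replaces the caller's PATH with secure_path. The following POSIX shell script is an added audit example, not code from the Ubuntu CVE tracker or from the sudo project; the PATH strings and sudoers fragments it checks are constructed samples, and the function names are the author's own.

```sh
#!/bin/sh
# Added example (not from the Ubuntu CVE tracker or sudo): audit a PATH value
# and a sudoers fragment for the conditions named in CVE-2010-1163.

# Return 0 if PATH contains a "." entry. An empty entry (leading or trailing
# colon, or "::") is searched as the current directory too, so it counts.
path_has_dot_entry() {
    _p="$1"
    # Wrap in colons so every entry is delimited on both sides.
    case ":${_p}:" in
        *:.:*|*::*) return 0 ;;
    esac
    return 1
}

# Return 0 if a sudoers text enables either mitigation on a Defaults line:
# secure_path (sudo discards the caller's PATH) or ignore_dot (sudo skips
# "." and empty PATH entries when resolving the command). A negated
# "!ignore_dot" is not counted as a mitigation.
sudoers_has_mitigation() {
    printf '%s\n' "$1" | grep -Eq \
        '^[[:space:]]*Defaults[^#]*[[:space:],](secure_path[[:space:]]*=|ignore_dot)'
}

# Exposed only when both conditions from the CVE description hold at once.
is_exposed() {
    path_has_dot_entry "$1" && ! sudoers_has_mitigation "$2"
}

# Print a verdict; always returns 0 so it can run at top level.
report() {
    if is_exposed "$1" "$2"; then
        echo "EXPOSED: PATH has a '.'/empty entry and sudoers sets neither secure_path nor ignore_dot"
    else
        echo "OK: no '.' entry in PATH, or sudoers enforces secure_path/ignore_dot"
    fi
}

# Constructed sample values (hypothetical; not from any real system).
WEAK_PATH="/usr/local/bin:.:/usr/bin:/bin"
SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
WEAK_SUDOERS='Defaults env_reset
alice ALL=(root) sudoedit /etc/hosts'
FIXED_SUDOERS='Defaults env_reset,ignore_dot
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
alice ALL=(root) sudoedit /etc/hosts'

report "$WEAK_PATH" "$WEAK_SUDOERS"   # EXPOSED
report "$WEAK_PATH" "$FIXED_SUDOERS"  # OK
report "$SAFE_PATH" "$WEAK_SUDOERS"   # OK
```

The sudoers check is only a configuration-level proxy: as the security team's note on this page points out, secure_path may be fixed at compile time on older Ubuntu releases, and the authoritative fix is the updated sudo package listed in the status table. Running the checks against a live host would mean passing `"$PATH"` and the contents of the sudoers file to `report`.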


Status

Package   Ubuntu Release    Status
sudo      9.10 karmic       Fixed 1.7.0-1ubuntu2.2
sudo      9.04 jaunty       Fixed 1.6.9p17-1ubuntu3.2
sudo      8.10 intrepid     Fixed 1.6.9p17-1ubuntu2.3
sudo      8.04 LTS hardy    Fixed 1.6.9p10-1ubuntu3.7
sudo      6.06 LTS dapper   Fixed 1.6.8p12-1ubuntu6.2

Notes


jdstrand

In Ubuntu 9.04 and earlier, sudo is compiled with secure_path, so a user must use sudoedit in sudoers and recompile sudo to not use secure_path. On Karmic, secure_path is configurable via sudoers (but still set at compile-time). Ubuntu does not use 'ignore_dot' by default.