Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2010-0426

Published: 23 February 2010

sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory.

Notes

AuthorNote
jdstrand
"Exploitation of the bug requires that the sudoers file be
configured to allow the attacker to run sudoedit. If no users have been
granted access to sudoedit there is no impact."
Dapper has 1.6.8. If --secure-path is used and compiled to use
execvp(), then sudo should not be vulnerable. Dapper is compiled with
--secure-path and happens to use execvp()

Priority

Medium

Status

Package Release Status
sudo
Launchpad, Ubuntu, Debian
upstream
Released (1.6.9p21, 1.7.2p4)
dapper
Released (1.6.8p12-1ubuntu6.1)
hardy
Released (1.6.9p10-1ubuntu3.6)
intrepid
Released (1.6.9p17-1ubuntu2.2)
jaunty
Released (1.6.9p17-1ubuntu3.1)
karmic
Released (1.7.0-1ubuntu2.1)
Patches:
upstream: http://sudo.ws/repos/sudo/rev/88f3181692fe (1.7)
upstream: http://sudo.ws/repos/sudo/rev/f86e1b56d074 (1.6)