CVE-2010-1163
CVE-2010-1163
The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426.
Produtos afetados
n/a · n/aQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039986.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlhttp://secunia.com/advisories/39384http://secunia.com/advisories/39399http://secunia.com/advisories/39474http://secunia.com/advisories/39543http://secunia.com/advisories/43068https://exchange.xforce.ibmcloud.com/vulnerabilities/57836http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.577019https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9382http://wiki.rpath.com/Advisories:rPSA-2010-0075http://www.mandriva.com/security/advisories?name=MDVSA-2010:078