New Search

The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for "." which allows local users to execute arbitrary commands via a Trojan horse executable as demonstrated using sudoedit a different vulnerability than CVE-2010-0426.

oval:org.mitre.oval:def:9382

The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for "." which allows local users to execute arbitrary commands via a Trojan horse executable as demonstrated using sudoedit a different vulnerability than CVE-2010-0426.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Red Hat Enterprise Linux 5
  • Oracle Linux 5
  • CentOS Linux 5
Class:
vulnerability
Reference(s):
  • CVE-2010-1163
Product(s):