cvelistv5 - cve-2010-0426

CVE-2010-0426 (GCVE-0-2010-0426)

Vulnerability from cvelistv5 – Published: 2010-02-24 18:00 – Updated: 2024-08-07 00:45

Summary

sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://secunia.com/advisories/38803	third-party-advisoryx_refsource_SECUNIA
	ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz	x_refsource_CONFIRM
	http://sudo.ws/repos/sudo/rev/88f3181692fe	x_refsource_CONFIRM
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.gentoo.org/security/en/glsa/glsa-20100…	vendor-advisoryx_refsource_GENTOO
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://secunia.com/advisories/38762	third-party-advisoryx_refsource_SECUNIA
	http://www.debian.org/security/2010/dsa-2006	vendor-advisoryx_refsource_DEBIAN
	http://secunia.com/advisories/39399	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/38362	vdb-entryx_refsource_BID
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://www.securityfocus.com/archive/1/514489/100…	mailing-listx_refsource_BUGTRAQ
	http://www.ubuntu.com/usn/USN-905-1	vendor-advisoryx_refsource_UBUNTU
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.vupen.com/english/advisories/2010/0949	vdb-entryx_refsource_VUPEN
	http://sudo.ws/bugs/show_bug.cgi?id=389	x_refsource_CONFIRM
	http://wiki.rpath.com/Advisories:rPSA-2010-0075	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2010/0450	vdb-entryx_refsource_VUPEN
	http://www.sudo.ws/sudo/stable.html	x_refsource_CONFIRM
	http://secunia.com/advisories/38659	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/38795	third-party-advisoryx_refsource_SECUNIA
	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570737	x_refsource_MISC
	http://www.linuxquestions.org/questions/linux-sec…	x_refsource_MISC
	http://secunia.com/advisories/38915	third-party-advisoryx_refsource_SECUNIA
	http://sudo.ws/repos/sudo/rev/f86e1b56d074	x_refsource_CONFIRM
	http://securitytracker.com/id?1023658	vdb-entryx_refsource_SECTRACK
	http://slackware.com/security/viewer.php?l=slackw…	vendor-advisoryx_refsource_SLACKWARE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:45:12.329Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "38803",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38803"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sudo.ws/repos/sudo/rev/88f3181692fe"
          },
          {
            "name": "oval:org.mitre.oval:def:7238",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7238"
          },
          {
            "name": "GLSA-201003-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml"
          },
          {
            "name": "MDVSA-2010:049",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:049"
          },
          {
            "name": "FEDORA-2010-6701",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040578.html"
          },
          {
            "name": "38762",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38762"
          },
          {
            "name": "DSA-2006",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2010/dsa-2006"
          },
          {
            "name": "39399",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39399"
          },
          {
            "name": "38362",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/38362"
          },
          {
            "name": "FEDORA-2010-6749",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040588.html"
          },
          {
            "name": "20101027 rPSA-2010-0075-1 sudo",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/514489/100/0/threaded"
          },
          {
            "name": "USN-905-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-905-1"
          },
          {
            "name": "oval:org.mitre.oval:def:10814",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10814"
          },
          {
            "name": "SUSE-SR:2010:006",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html"
          },
          {
            "name": "ADV-2010-0949",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0949"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sudo.ws/bugs/show_bug.cgi?id=389"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0075"
          },
          {
            "name": "ADV-2010-0450",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0450"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.sudo.ws/sudo/stable.html"
          },
          {
            "name": "38659",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38659"
          },
          {
            "name": "38795",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38795"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570737"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.linuxquestions.org/questions/linux-security-4/the-use-of-sudoedit-command-question-785442/"
          },
          {
            "name": "38915",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38915"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sudo.ws/repos/sudo/rev/f86e1b56d074"
          },
          {
            "name": "1023658",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1023658"
          },
          {
            "name": "SSA:2010-110-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.577019"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-01-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user\u0027s home directory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "38803",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38803"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sudo.ws/repos/sudo/rev/88f3181692fe"
        },
        {
          "name": "oval:org.mitre.oval:def:7238",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7238"
        },
        {
          "name": "GLSA-201003-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml"
        },
        {
          "name": "MDVSA-2010:049",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:049"
        },
        {
          "name": "FEDORA-2010-6701",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040578.html"
        },
        {
          "name": "38762",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38762"
        },
        {
          "name": "DSA-2006",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2010/dsa-2006"
        },
        {
          "name": "39399",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39399"
        },
        {
          "name": "38362",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/38362"
        },
        {
          "name": "FEDORA-2010-6749",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040588.html"
        },
        {
          "name": "20101027 rPSA-2010-0075-1 sudo",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/514489/100/0/threaded"
        },
        {
          "name": "USN-905-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-905-1"
        },
        {
          "name": "oval:org.mitre.oval:def:10814",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10814"
        },
        {
          "name": "SUSE-SR:2010:006",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html"
        },
        {
          "name": "ADV-2010-0949",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0949"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sudo.ws/bugs/show_bug.cgi?id=389"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0075"
        },
        {
          "name": "ADV-2010-0450",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0450"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.sudo.ws/sudo/stable.html"
        },
        {
          "name": "38659",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38659"
        },
        {
          "name": "38795",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38795"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570737"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.linuxquestions.org/questions/linux-security-4/the-use-of-sudoedit-command-question-785442/"
        },
        {
          "name": "38915",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38915"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sudo.ws/repos/sudo/rev/f86e1b56d074"
        },
        {
          "name": "1023658",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1023658"
        },
        {
          "name": "SSA:2010-110-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.577019"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-0426",
    "datePublished": "2010-02-24T18:00:00",
    "dateReserved": "2010-01-27T00:00:00",
    "dateUpdated": "2024-08-07T00:45:12.329Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"976B5923-1BCC-4DE6-A904-930DD833B937\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5452DF1-0270-452D-90EB-45E9A084B94C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CBFD12E6-F92E-4371-ADA7-BCD41E4C9014\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"67FDF4FB-06FA-4A10-A3CF-F52169BC8072\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:todd_miller:sudo:1.6.3_p1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A5B29018-B495-482A-8FF7-66821A178F9A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:todd_miller:sudo:1.6.3_p2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"38718561-70C7-4E0D-9313-87A5E82ED338\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:todd_miller:sudo:1.6.3_p3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D057064A-9B34-4224-97BA-4D5840A92BE0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:todd_miller:sudo:1.6.3_p4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E3C297DC-69B1-4BE6-A5EF-D320BD0CA968\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:todd_miller:sudo:1.6.3_p5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F4C1FFB-F6AA-4DED-9C54-DCB274F59A44\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:todd_miller:sudo:1.6.3_p6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"338A92AC-92D2-40BF-9FAC-884AF6F74D55\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"26DB5610-03CE-425E-8855-70D5787029FE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:todd_miller:sudo:1.6.4_p1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F5170421-BA0C-4365-9CD6-BD232EA08680\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:todd_miller:sudo:1.6.4_p2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5909AAA4-4AF9-4D23-87C5-5D7787909B02\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:todd_miller:sudo:1.6.5_p1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"03C07744-CAE8-44C6-965E-2A09BAE1F36C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:todd_miller:sudo:1.6.5_p2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B17E0E59-C928-49AB-BAA7-4AE638B376D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:todd_miller:sudo:1.6.7_p5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1C898BE7-506D-49DA-8619-F86C7A9FE902\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:todd_miller:sudo:1.6.8_p1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51F7E821-2908-47F1-9665-E9D68ECC242F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:todd_miller:sudo:1.6.8_p2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C90D0AB4-F8A8-4301-99B5-757254FA999A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:todd_miller:sudo:1.6.8_p5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A79C7098-37D0-4E6E-A22C-3C771D81956F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:todd_miller:sudo:1.6.8_p7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB7D2832-B654-406E-AA34-B3BD1D6F0A2A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:todd_miller:sudo:1.6.8_p8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5688D95-89EF-4D2E-9728-2316CAC3CBE6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:todd_miller:sudo:1.6.8_p9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B69E49B2-1B3C-4434-ACF1-CF4F519E3C32\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:todd_miller:sudo:1.6.8_p12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31B2C299-5D0B-44DA-91FD-4B1146BE9A7B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:todd_miller:sudo:1.6.9_p17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"471284F9-21EF-4ED6-860F-AB86154CCDF1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:todd_miller:sudo:1.6.9_p18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7C91FEB5-CEF5-4C66-A8D2-AE80EA32B10D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:todd_miller:sudo:1.6.9_p19:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E106EBA5-14B3-48F7-BE00-9F0ABD57C33B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"643ABD1F-83E1-4B71-AA59-8CF8B4018A46\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8967DE4C-3D41-4BCE-97B0-469FCFBCE332\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C0D8CB9-3156-4F7F-A616-59EF530540D2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:todd_miller:sudo:1.7.2p1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E2C91B0A-44B6-4B33-A0ED-295C56D97546\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:todd_miller:sudo:1.7.2p2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07945224-A955-4A33-B54B-11D128FCA0F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:todd_miller:sudo:1.7.2p3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"41F70C45-9522-4F49-A5B9-62E03410F03E\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user\u0027s home directory.\"}, {\"lang\": \"es\", \"value\": \"sudo v1.6.x anterior a v1.6.9p21 y v1.7.x anterior a v1.7.2p4, cuando un pseudo-comando est\\u00e1 activado, permite la coincidencia entre el nombre del pseudo-comando y el nombre de un archivo ejecutable en un directorio cualquiera, lo que permite a usuarios locales obtener privilegios a trav\\u00e9s de un archivo ejecutable manipulado, como se ha demostrado mediante el archivo sudoedit en el directorio home de un usuario.\"}]",
      "id": "CVE-2010-0426",
      "lastModified": "2024-11-21T01:12:11.650",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 6.9, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2010-02-24T18:30:00.627",
      "references": "[{\"url\": \"ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570737\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040578.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040588.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/38659\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/38762\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/38795\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/38803\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/38915\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/39399\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://securitytracker.com/id?1023658\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.577019\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://sudo.ws/bugs/show_bug.cgi?id=389\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://sudo.ws/repos/sudo/rev/88f3181692fe\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://sudo.ws/repos/sudo/rev/f86e1b56d074\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://wiki.rpath.com/Advisories:rPSA-2010-0075\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.debian.org/security/2010/dsa-2006\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.linuxquestions.org/questions/linux-security-4/the-use-of-sudoedit-command-question-785442/\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2010:049\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/514489/100/0/threaded\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/38362\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.sudo.ws/sudo/stable.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-905-1\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0450\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0949\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10814\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7238\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570737\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040578.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040588.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/38659\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/38762\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/38795\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/38803\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/38915\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/39399\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1023658\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.577019\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://sudo.ws/bugs/show_bug.cgi?id=389\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://sudo.ws/repos/sudo/rev/88f3181692fe\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://sudo.ws/repos/sudo/rev/f86e1b56d074\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://wiki.rpath.com/Advisories:rPSA-2010-0075\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2010/dsa-2006\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.linuxquestions.org/questions/linux-security-4/the-use-of-sudoedit-command-question-785442/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2010:049\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/514489/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/38362\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.sudo.ws/sudo/stable.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-905-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0450\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0949\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10814\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7238\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vendorComments": "[{\"organization\": \"Red Hat\", \"comment\": \"This issue was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2010-0122.html\\n\\nIt did not affect the versions of the sudo package as shipped with Red Hat Enterprise Linux 3 and 4.\", \"lastModified\": \"2010-03-02T00:00:00\"}]",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-0426\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2010-02-24T18:30:00.627\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user\u0027s home directory.\"},{\"lang\":\"es\",\"value\":\"sudo v1.6.x anterior a v1.6.9p21 y v1.7.x anterior a v1.7.2p4, cuando un pseudo-comando est\u00e1 activado, permite la coincidencia entre el nombre del pseudo-comando y el nombre de un archivo ejecutable en un directorio cualquiera, lo que permite a usuarios locales obtener privilegios a trav\u00e9s de un archivo ejecutable manipulado, como se ha demostrado mediante el archivo sudoedit en el directorio home de un usuario.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":6.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"976B5923-1BCC-4DE6-A904-930DD833B937\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5452DF1-0270-452D-90EB-45E9A084B94C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBFD12E6-F92E-4371-ADA7-BCD41E4C9014\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67FDF4FB-06FA-4A10-A3CF-F52169BC8072\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.3_p1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5B29018-B495-482A-8FF7-66821A178F9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.3_p2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38718561-70C7-4E0D-9313-87A5E82ED338\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.3_p3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D057064A-9B34-4224-97BA-4D5840A92BE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.3_p4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3C297DC-69B1-4BE6-A5EF-D320BD0CA968\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.3_p5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F4C1FFB-F6AA-4DED-9C54-DCB274F59A44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.3_p6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"338A92AC-92D2-40BF-9FAC-884AF6F74D55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26DB5610-03CE-425E-8855-70D5787029FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.4_p1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5170421-BA0C-4365-9CD6-BD232EA08680\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.4_p2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5909AAA4-4AF9-4D23-87C5-5D7787909B02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.5_p1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03C07744-CAE8-44C6-965E-2A09BAE1F36C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.5_p2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B17E0E59-C928-49AB-BAA7-4AE638B376D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.7_p5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C898BE7-506D-49DA-8619-F86C7A9FE902\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.8_p1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51F7E821-2908-47F1-9665-E9D68ECC242F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.8_p2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C90D0AB4-F8A8-4301-99B5-757254FA999A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.8_p5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A79C7098-37D0-4E6E-A22C-3C771D81956F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.8_p7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB7D2832-B654-406E-AA34-B3BD1D6F0A2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.8_p8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5688D95-89EF-4D2E-9728-2316CAC3CBE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.8_p9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B69E49B2-1B3C-4434-ACF1-CF4F519E3C32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.8_p12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31B2C299-5D0B-44DA-91FD-4B1146BE9A7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.9_p17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"471284F9-21EF-4ED6-860F-AB86154CCDF1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.9_p18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C91FEB5-CEF5-4C66-A8D2-AE80EA32B10D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.9_p19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E106EBA5-14B3-48F7-BE00-9F0ABD57C33B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"643ABD1F-83E1-4B71-AA59-8CF8B4018A46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8967DE4C-3D41-4BCE-97B0-469FCFBCE332\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C0D8CB9-3156-4F7F-A616-59EF530540D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.7.2p1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2C91B0A-44B6-4B33-A0ED-295C56D97546\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.7.2p2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07945224-A955-4A33-B54B-11D128FCA0F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.7.2p3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41F70C45-9522-4F49-A5B9-62E03410F03E\"}]}]}],\"references\":[{\"url\":\"ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570737\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040578.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040588.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/38659\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/38762\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/38795\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/38803\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/38915\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/39399\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://securitytracker.com/id?1023658\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.577019\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://sudo.ws/bugs/show_bug.cgi?id=389\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://sudo.ws/repos/sudo/rev/88f3181692fe\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://sudo.ws/repos/sudo/rev/f86e1b56d074\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://wiki.rpath.com/Advisories:rPSA-2010-0075\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2010/dsa-2006\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.linuxquestions.org/questions/linux-security-4/the-use-of-sudoedit-command-question-785442/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:049\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/514489/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/38362\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.sudo.ws/sudo/stable.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-905-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0450\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0949\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10814\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7238\",\"source\":\"secalert@redhat.com\"},{\"url\":\"ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570737\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040578.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040588.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/38659\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/38762\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/38795\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/38803\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/38915\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/39399\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1023658\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.577019\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sudo.ws/bugs/show_bug.cgi?id=389\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sudo.ws/repos/sudo/rev/88f3181692fe\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sudo.ws/repos/sudo/rev/f86e1b56d074\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://wiki.rpath.com/Advisories:rPSA-2010-0075\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2010/dsa-2006\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.linuxquestions.org/questions/linux-security-4/the-use-of-sudoedit-command-question-785442/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:049\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/514489/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/38362\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.sudo.ws/sudo/stable.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-905-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0450\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0949\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10814\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7238\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"This issue was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2010-0122.html\\n\\nIt did not affect the versions of the sudo package as shipped with Red Hat Enterprise Linux 3 and 4.\",\"lastModified\":\"2010-03-02T00:00:00\"}]}}"
  }
}

CERTFR-2014-AVI-480

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	N/A	CTPOS versions antérieures à 6.6R2
ESET	Security	Juniper Security Threat Response Manager versions 2012.1, 2013.1, 2013.2
Juniper Networks	N/A	CTPView versions 4.2, 4.3, 4.4, 4.5, 4.6
Juniper Networks	Junos Space	Junos Space jusqu'à la version 13.3
Juniper Networks	Secure Analytics	Juniper Secure Analytics versions 2013.2, 2014.1, 2014.2
ESET	Security	Network and Security Manager (NSM) version 2012.2

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10661 du 11 novembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10657 du 11 novembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10658 du 11 novembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10659 du 11 novembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10660 du 11 novembre 2014	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "CTPOS versions ant\u00e9rieures \u00e0 6.6R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Security Threat Response Manager versions 2012.1, 2013.1, 2013.2",
      "product": {
        "name": "Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "CTPView versions 4.2, 4.3, 4.4, 4.5, 4.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Space jusqu\u0027\u00e0 la version 13.3",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Secure Analytics versions 2013.2, 2014.1, 2014.2",
      "product": {
        "name": "Secure Analytics",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Network and Security Manager (NSM) version 2012.2",
      "product": {
        "name": "Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-3158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3158"
    },
    {
      "name": "CVE-2010-3853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3853"
    },
    {
      "name": "CVE-2014-0075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0075"
    },
    {
      "name": "CVE-2010-3081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3081"
    },
    {
      "name": "CVE-2012-0789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0789"
    },
    {
      "name": "CVE-2012-2329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2329"
    },
    {
      "name": "CVE-2014-0460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0460"
    },
    {
      "name": "CVE-2011-4609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4609"
    },
    {
      "name": "CVE-2011-0421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0421"
    },
    {
      "name": "CVE-2012-0781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0781"
    },
    {
      "name": "CVE-2014-4827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4827"
    },
    {
      "name": "CVE-2013-1635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1635"
    },
    {
      "name": "CVE-2011-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0216"
    },
    {
      "name": "CVE-2013-1620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1620"
    },
    {
      "name": "CVE-2014-0119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0119"
    },
    {
      "name": "CVE-2012-2110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
    },
    {
      "name": "CVE-2014-7186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7186"
    },
    {
      "name": "CVE-2009-2416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2416"
    },
    {
      "name": "CVE-2012-0788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0788"
    },
    {
      "name": "CVE-2010-4755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4755"
    },
    {
      "name": "CVE-2013-1775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1775"
    },
    {
      "name": "CVE-2009-5029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-5029"
    },
    {
      "name": "CVE-2011-1153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1153"
    },
    {
      "name": "CVE-2009-3563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3563"
    },
    {
      "name": "CVE-2014-0411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0411"
    },
    {
      "name": "CVE-2013-1643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1643"
    },
    {
      "name": "CVE-2013-0791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0791"
    },
    {
      "name": "CVE-2010-1646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1646"
    },
    {
      "name": "CVE-2014-7169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7169"
    },
    {
      "name": "CVE-2011-1944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1944"
    },
    {
      "name": "CVE-2014-0099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0099"
    },
    {
      "name": "CVE-2011-0010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0010"
    },
    {
      "name": "CVE-2011-1398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1398"
    },
    {
      "name": "CVE-2011-2834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2834"
    },
    {
      "name": "CVE-2014-4825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4825"
    },
    {
      "name": "CVE-2010-4707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4707"
    },
    {
      "name": "CVE-2012-0882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0882"
    },
    {
      "name": "CVE-2009-0159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0159"
    },
    {
      "name": "CVE-2014-0453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0453"
    },
    {
      "name": "CVE-2011-0708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0708"
    },
    {
      "name": "CVE-2014-6271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6271"
    },
    {
      "name": "CVE-2014-6277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6277"
    },
    {
      "name": "CVE-2014-1568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1568"
    },
    {
      "name": "CVE-2010-0830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0830"
    },
    {
      "name": "CVE-2010-0426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0426"
    },
    {
      "name": "CVE-2014-0423",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0423"
    },
    {
      "name": "CVE-2012-2311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2311"
    },
    {
      "name": "CVE-2014-0224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0224"
    },
    {
      "name": "CVE-2014-4830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4830"
    },
    {
      "name": "CVE-2011-3368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3368"
    },
    {
      "name": "CVE-2014-2532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2532"
    },
    {
      "name": "CVE-2014-4828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4828"
    },
    {
      "name": "CVE-2014-0095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0095"
    },
    {
      "name": "CVE-2010-0427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0427"
    },
    {
      "name": "CVE-2014-3470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3470"
    },
    {
      "name": "CVE-2014-3062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3062"
    },
    {
      "name": "CVE-2012-0831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0831"
    },
    {
      "name": "CVE-2009-2414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
    },
    {
      "name": "CVE-2012-0057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0057"
    },
    {
      "name": "CVE-2014-7187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7187"
    },
    {
      "name": "CVE-2010-2956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2956"
    },
    {
      "name": "CVE-2011-3905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3905"
    },
    {
      "name": "CVE-2014-4833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4833"
    },
    {
      "name": "CVE-2011-4566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4566"
    },
    {
      "name": "CVE-2014-0837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0837"
    },
    {
      "name": "CVE-2010-4008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4008"
    },
    {
      "name": "CVE-2014-6278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6278"
    },
    {
      "name": "CVE-2012-1172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1172"
    },
    {
      "name": "CVE-2014-0076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0076"
    },
    {
      "name": "CVE-2010-1163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1163"
    },
    {
      "name": "CVE-2011-4317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4317"
    },
    {
      "name": "CVE-2011-4885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4885"
    },
    {
      "name": "CVE-2010-5107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-5107"
    },
    {
      "name": "CVE-2009-1265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1265"
    },
    {
      "name": "CVE-2010-3316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3316"
    },
    {
      "name": "CVE-2012-3510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3510"
    },
    {
      "name": "CVE-2011-5000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-5000"
    },
    {
      "name": "CVE-2010-3435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3435"
    },
    {
      "name": "CVE-2011-3919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3919"
    },
    {
      "name": "CVE-2012-2337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2337"
    },
    {
      "name": "CVE-2011-1089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1089"
    },
    {
      "name": "CVE-2014-0096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0096"
    },
    {
      "name": "CVE-2013-5908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5908"
    },
    {
      "name": "CVE-2014-3091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3091"
    },
    {
      "name": "CVE-2012-2131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2131"
    }
  ],
  "links": [],
  "reference": "CERTFR-2014-AVI-480",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-11-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une\nex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10661 du 11 novembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10661"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10657 du 11 novembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10657"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10658 du 11 novembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10658"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10659 du 11 novembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10659"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10660 du 11 novembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10660"
    }
  ]
}

CERTFR-2014-AVI-480

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	N/A	CTPOS versions antérieures à 6.6R2
ESET	Security	Juniper Security Threat Response Manager versions 2012.1, 2013.1, 2013.2
Juniper Networks	N/A	CTPView versions 4.2, 4.3, 4.4, 4.5, 4.6
Juniper Networks	Junos Space	Junos Space jusqu'à la version 13.3
Juniper Networks	Secure Analytics	Juniper Secure Analytics versions 2013.2, 2014.1, 2014.2
ESET	Security	Network and Security Manager (NSM) version 2012.2

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10661 du 11 novembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10657 du 11 novembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10658 du 11 novembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10659 du 11 novembre 2014	None	vendor-advisory
Bulletin de sécurité Juniper JSA10660 du 11 novembre 2014	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "CTPOS versions ant\u00e9rieures \u00e0 6.6R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Security Threat Response Manager versions 2012.1, 2013.1, 2013.2",
      "product": {
        "name": "Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "CTPView versions 4.2, 4.3, 4.4, 4.5, 4.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Space jusqu\u0027\u00e0 la version 13.3",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Secure Analytics versions 2013.2, 2014.1, 2014.2",
      "product": {
        "name": "Secure Analytics",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Network and Security Manager (NSM) version 2012.2",
      "product": {
        "name": "Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-3158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3158"
    },
    {
      "name": "CVE-2010-3853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3853"
    },
    {
      "name": "CVE-2014-0075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0075"
    },
    {
      "name": "CVE-2010-3081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3081"
    },
    {
      "name": "CVE-2012-0789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0789"
    },
    {
      "name": "CVE-2012-2329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2329"
    },
    {
      "name": "CVE-2014-0460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0460"
    },
    {
      "name": "CVE-2011-4609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4609"
    },
    {
      "name": "CVE-2011-0421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0421"
    },
    {
      "name": "CVE-2012-0781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0781"
    },
    {
      "name": "CVE-2014-4827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4827"
    },
    {
      "name": "CVE-2013-1635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1635"
    },
    {
      "name": "CVE-2011-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0216"
    },
    {
      "name": "CVE-2013-1620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1620"
    },
    {
      "name": "CVE-2014-0119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0119"
    },
    {
      "name": "CVE-2012-2110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
    },
    {
      "name": "CVE-2014-7186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7186"
    },
    {
      "name": "CVE-2009-2416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2416"
    },
    {
      "name": "CVE-2012-0788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0788"
    },
    {
      "name": "CVE-2010-4755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4755"
    },
    {
      "name": "CVE-2013-1775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1775"
    },
    {
      "name": "CVE-2009-5029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-5029"
    },
    {
      "name": "CVE-2011-1153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1153"
    },
    {
      "name": "CVE-2009-3563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3563"
    },
    {
      "name": "CVE-2014-0411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0411"
    },
    {
      "name": "CVE-2013-1643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1643"
    },
    {
      "name": "CVE-2013-0791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0791"
    },
    {
      "name": "CVE-2010-1646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1646"
    },
    {
      "name": "CVE-2014-7169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7169"
    },
    {
      "name": "CVE-2011-1944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1944"
    },
    {
      "name": "CVE-2014-0099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0099"
    },
    {
      "name": "CVE-2011-0010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0010"
    },
    {
      "name": "CVE-2011-1398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1398"
    },
    {
      "name": "CVE-2011-2834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2834"
    },
    {
      "name": "CVE-2014-4825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4825"
    },
    {
      "name": "CVE-2010-4707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4707"
    },
    {
      "name": "CVE-2012-0882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0882"
    },
    {
      "name": "CVE-2009-0159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0159"
    },
    {
      "name": "CVE-2014-0453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0453"
    },
    {
      "name": "CVE-2011-0708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0708"
    },
    {
      "name": "CVE-2014-6271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6271"
    },
    {
      "name": "CVE-2014-6277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6277"
    },
    {
      "name": "CVE-2014-1568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1568"
    },
    {
      "name": "CVE-2010-0830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0830"
    },
    {
      "name": "CVE-2010-0426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0426"
    },
    {
      "name": "CVE-2014-0423",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0423"
    },
    {
      "name": "CVE-2012-2311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2311"
    },
    {
      "name": "CVE-2014-0224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0224"
    },
    {
      "name": "CVE-2014-4830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4830"
    },
    {
      "name": "CVE-2011-3368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3368"
    },
    {
      "name": "CVE-2014-2532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2532"
    },
    {
      "name": "CVE-2014-4828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4828"
    },
    {
      "name": "CVE-2014-0095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0095"
    },
    {
      "name": "CVE-2010-0427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0427"
    },
    {
      "name": "CVE-2014-3470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3470"
    },
    {
      "name": "CVE-2014-3062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3062"
    },
    {
      "name": "CVE-2012-0831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0831"
    },
    {
      "name": "CVE-2009-2414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
    },
    {
      "name": "CVE-2012-0057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0057"
    },
    {
      "name": "CVE-2014-7187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7187"
    },
    {
      "name": "CVE-2010-2956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2956"
    },
    {
      "name": "CVE-2011-3905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3905"
    },
    {
      "name": "CVE-2014-4833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4833"
    },
    {
      "name": "CVE-2011-4566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4566"
    },
    {
      "name": "CVE-2014-0837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0837"
    },
    {
      "name": "CVE-2010-4008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4008"
    },
    {
      "name": "CVE-2014-6278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6278"
    },
    {
      "name": "CVE-2012-1172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1172"
    },
    {
      "name": "CVE-2014-0076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0076"
    },
    {
      "name": "CVE-2010-1163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1163"
    },
    {
      "name": "CVE-2011-4317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4317"
    },
    {
      "name": "CVE-2011-4885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4885"
    },
    {
      "name": "CVE-2010-5107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-5107"
    },
    {
      "name": "CVE-2009-1265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1265"
    },
    {
      "name": "CVE-2010-3316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3316"
    },
    {
      "name": "CVE-2012-3510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3510"
    },
    {
      "name": "CVE-2011-5000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-5000"
    },
    {
      "name": "CVE-2010-3435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3435"
    },
    {
      "name": "CVE-2011-3919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3919"
    },
    {
      "name": "CVE-2012-2337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2337"
    },
    {
      "name": "CVE-2011-1089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1089"
    },
    {
      "name": "CVE-2014-0096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0096"
    },
    {
      "name": "CVE-2013-5908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5908"
    },
    {
      "name": "CVE-2014-3091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3091"
    },
    {
      "name": "CVE-2012-2131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2131"
    }
  ],
  "links": [],
  "reference": "CERTFR-2014-AVI-480",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-11-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eJuniper\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une\nex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10661 du 11 novembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10661"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10657 du 11 novembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10657"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10658 du 11 novembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10658"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10659 du 11 novembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10659"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10660 du 11 novembre 2014",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10660"
    }
  ]
}

RHSA-2010_0122

Vulnerability from csaf_redhat - Published: 2010-02-26 11:06 - Updated: 2024-11-22 03:18

Summary

Red Hat Security Advisory: sudo security update

Notes

Topic

An updated sudo package that fixes two security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team.

Details

The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root. A privilege escalation flaw was found in the way sudo handled the sudoedit pseudo-command. If a local user were authorized by the sudoers file to use this pseudo-command, they could possibly leverage this flaw to execute arbitrary code with the privileges of the root user. (CVE-2010-0426) The sudo utility did not properly initialize supplementary groups when the "runas_default" option (in the sudoers file) was used. If a local user were authorized by the sudoers file to perform their sudo commands under the account specified with "runas_default", they would receive the root user's supplementary groups instead of those of the intended target user, giving them unintended privileges. (CVE-2010-0427) Users of sudo should upgrade to this updated package, which contains backported patches to correct these issues.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated sudo package that fixes two security issues is now available for\nRed Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The sudo (superuser do) utility allows system administrators to give\ncertain users the ability to run commands as root.\n\nA privilege escalation flaw was found in the way sudo handled the sudoedit\npseudo-command. If a local user were authorized by the sudoers file to use\nthis pseudo-command, they could possibly leverage this flaw to execute\narbitrary code with the privileges of the root user. (CVE-2010-0426)\n\nThe sudo utility did not properly initialize supplementary groups when the\n\"runas_default\" option (in the sudoers file) was used. If a local user\nwere authorized by the sudoers file to perform their sudo commands under\nthe account specified with \"runas_default\", they would receive the root\nuser\u0027s supplementary groups instead of those of the intended target user,\ngiving them unintended privileges. (CVE-2010-0427)\n\nUsers of sudo should upgrade to this updated package, which contains\nbackported patches to correct these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2010:0122",
        "url": "https://access.redhat.com/errata/RHSA-2010:0122"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#important",
        "url": "http://www.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "567337",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=567337"
      },
      {
        "category": "external",
        "summary": "567622",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=567622"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0122.json"
      }
    ],
    "title": "Red Hat Security Advisory: sudo security update",
    "tracking": {
      "current_release_date": "2024-11-22T03:18:21+00:00",
      "generator": {
        "date": "2024-11-22T03:18:21+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2010:0122",
      "initial_release_date": "2010-02-26T11:06:00+00:00",
      "revision_history": [
        {
          "date": "2010-02-26T11:06:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2010-02-26T06:06:06+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T03:18:21+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                  "product_id": "5Client",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux (v. 5 server)",
                "product": {
                  "name": "Red Hat Enterprise Linux (v. 5 server)",
                  "product_id": "5Server",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "sudo-0:1.6.9p17-6.el5_4.src",
                "product": {
                  "name": "sudo-0:1.6.9p17-6.el5_4.src",
                  "product_id": "sudo-0:1.6.9p17-6.el5_4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sudo@1.6.9p17-6.el5_4?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "sudo-0:1.6.9p17-6.el5_4.x86_64",
                "product": {
                  "name": "sudo-0:1.6.9p17-6.el5_4.x86_64",
                  "product_id": "sudo-0:1.6.9p17-6.el5_4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sudo@1.6.9p17-6.el5_4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64",
                "product": {
                  "name": "sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64",
                  "product_id": "sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sudo-debuginfo@1.6.9p17-6.el5_4?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "sudo-0:1.6.9p17-6.el5_4.i386",
                "product": {
                  "name": "sudo-0:1.6.9p17-6.el5_4.i386",
                  "product_id": "sudo-0:1.6.9p17-6.el5_4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sudo@1.6.9p17-6.el5_4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "sudo-debuginfo-0:1.6.9p17-6.el5_4.i386",
                "product": {
                  "name": "sudo-debuginfo-0:1.6.9p17-6.el5_4.i386",
                  "product_id": "sudo-debuginfo-0:1.6.9p17-6.el5_4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sudo-debuginfo@1.6.9p17-6.el5_4?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "sudo-0:1.6.9p17-6.el5_4.ia64",
                "product": {
                  "name": "sudo-0:1.6.9p17-6.el5_4.ia64",
                  "product_id": "sudo-0:1.6.9p17-6.el5_4.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sudo@1.6.9p17-6.el5_4?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64",
                "product": {
                  "name": "sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64",
                  "product_id": "sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sudo-debuginfo@1.6.9p17-6.el5_4?arch=ia64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "sudo-0:1.6.9p17-6.el5_4.ppc",
                "product": {
                  "name": "sudo-0:1.6.9p17-6.el5_4.ppc",
                  "product_id": "sudo-0:1.6.9p17-6.el5_4.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sudo@1.6.9p17-6.el5_4?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc",
                "product": {
                  "name": "sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc",
                  "product_id": "sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sudo-debuginfo@1.6.9p17-6.el5_4?arch=ppc"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "sudo-0:1.6.9p17-6.el5_4.s390x",
                "product": {
                  "name": "sudo-0:1.6.9p17-6.el5_4.s390x",
                  "product_id": "sudo-0:1.6.9p17-6.el5_4.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sudo@1.6.9p17-6.el5_4?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x",
                "product": {
                  "name": "sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x",
                  "product_id": "sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sudo-debuginfo@1.6.9p17-6.el5_4?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-0:1.6.9p17-6.el5_4.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sudo-0:1.6.9p17-6.el5_4.i386"
        },
        "product_reference": "sudo-0:1.6.9p17-6.el5_4.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-0:1.6.9p17-6.el5_4.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sudo-0:1.6.9p17-6.el5_4.ia64"
        },
        "product_reference": "sudo-0:1.6.9p17-6.el5_4.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-0:1.6.9p17-6.el5_4.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sudo-0:1.6.9p17-6.el5_4.ppc"
        },
        "product_reference": "sudo-0:1.6.9p17-6.el5_4.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-0:1.6.9p17-6.el5_4.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sudo-0:1.6.9p17-6.el5_4.s390x"
        },
        "product_reference": "sudo-0:1.6.9p17-6.el5_4.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-0:1.6.9p17-6.el5_4.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sudo-0:1.6.9p17-6.el5_4.src"
        },
        "product_reference": "sudo-0:1.6.9p17-6.el5_4.src",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-0:1.6.9p17-6.el5_4.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sudo-0:1.6.9p17-6.el5_4.x86_64"
        },
        "product_reference": "sudo-0:1.6.9p17-6.el5_4.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-debuginfo-0:1.6.9p17-6.el5_4.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.i386"
        },
        "product_reference": "sudo-debuginfo-0:1.6.9p17-6.el5_4.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64"
        },
        "product_reference": "sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc"
        },
        "product_reference": "sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x"
        },
        "product_reference": "sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64"
        },
        "product_reference": "sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-0:1.6.9p17-6.el5_4.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sudo-0:1.6.9p17-6.el5_4.i386"
        },
        "product_reference": "sudo-0:1.6.9p17-6.el5_4.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-0:1.6.9p17-6.el5_4.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sudo-0:1.6.9p17-6.el5_4.ia64"
        },
        "product_reference": "sudo-0:1.6.9p17-6.el5_4.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-0:1.6.9p17-6.el5_4.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sudo-0:1.6.9p17-6.el5_4.ppc"
        },
        "product_reference": "sudo-0:1.6.9p17-6.el5_4.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-0:1.6.9p17-6.el5_4.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sudo-0:1.6.9p17-6.el5_4.s390x"
        },
        "product_reference": "sudo-0:1.6.9p17-6.el5_4.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-0:1.6.9p17-6.el5_4.src as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sudo-0:1.6.9p17-6.el5_4.src"
        },
        "product_reference": "sudo-0:1.6.9p17-6.el5_4.src",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-0:1.6.9p17-6.el5_4.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sudo-0:1.6.9p17-6.el5_4.x86_64"
        },
        "product_reference": "sudo-0:1.6.9p17-6.el5_4.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-debuginfo-0:1.6.9p17-6.el5_4.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.i386"
        },
        "product_reference": "sudo-debuginfo-0:1.6.9p17-6.el5_4.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64"
        },
        "product_reference": "sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc"
        },
        "product_reference": "sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x"
        },
        "product_reference": "sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64"
        },
        "product_reference": "sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64",
        "relates_to_product_reference": "5Server"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2010-0426",
      "discovery_date": "2010-02-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "567337"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user\u0027s home directory.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "sudo: sudoedit option can possibly allow for arbitrary code execution",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "It did not affect the versions of the sudo package as shipped with Red Hat Enterprise Linux 3 and 4.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:sudo-0:1.6.9p17-6.el5_4.i386",
          "5Client:sudo-0:1.6.9p17-6.el5_4.ia64",
          "5Client:sudo-0:1.6.9p17-6.el5_4.ppc",
          "5Client:sudo-0:1.6.9p17-6.el5_4.s390x",
          "5Client:sudo-0:1.6.9p17-6.el5_4.src",
          "5Client:sudo-0:1.6.9p17-6.el5_4.x86_64",
          "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.i386",
          "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64",
          "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc",
          "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x",
          "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64",
          "5Server:sudo-0:1.6.9p17-6.el5_4.i386",
          "5Server:sudo-0:1.6.9p17-6.el5_4.ia64",
          "5Server:sudo-0:1.6.9p17-6.el5_4.ppc",
          "5Server:sudo-0:1.6.9p17-6.el5_4.s390x",
          "5Server:sudo-0:1.6.9p17-6.el5_4.src",
          "5Server:sudo-0:1.6.9p17-6.el5_4.x86_64",
          "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.i386",
          "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64",
          "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc",
          "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x",
          "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2010-0426"
        },
        {
          "category": "external",
          "summary": "RHBZ#567337",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=567337"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0426",
          "url": "https://www.cve.org/CVERecord?id=CVE-2010-0426"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0426",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0426"
        }
      ],
      "release_date": "2010-02-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-02-26T11:06:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:sudo-0:1.6.9p17-6.el5_4.i386",
            "5Client:sudo-0:1.6.9p17-6.el5_4.ia64",
            "5Client:sudo-0:1.6.9p17-6.el5_4.ppc",
            "5Client:sudo-0:1.6.9p17-6.el5_4.s390x",
            "5Client:sudo-0:1.6.9p17-6.el5_4.src",
            "5Client:sudo-0:1.6.9p17-6.el5_4.x86_64",
            "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.i386",
            "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64",
            "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc",
            "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x",
            "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64",
            "5Server:sudo-0:1.6.9p17-6.el5_4.i386",
            "5Server:sudo-0:1.6.9p17-6.el5_4.ia64",
            "5Server:sudo-0:1.6.9p17-6.el5_4.ppc",
            "5Server:sudo-0:1.6.9p17-6.el5_4.s390x",
            "5Server:sudo-0:1.6.9p17-6.el5_4.src",
            "5Server:sudo-0:1.6.9p17-6.el5_4.x86_64",
            "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.i386",
            "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64",
            "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc",
            "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x",
            "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0122"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.6,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "products": [
            "5Client:sudo-0:1.6.9p17-6.el5_4.i386",
            "5Client:sudo-0:1.6.9p17-6.el5_4.ia64",
            "5Client:sudo-0:1.6.9p17-6.el5_4.ppc",
            "5Client:sudo-0:1.6.9p17-6.el5_4.s390x",
            "5Client:sudo-0:1.6.9p17-6.el5_4.src",
            "5Client:sudo-0:1.6.9p17-6.el5_4.x86_64",
            "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.i386",
            "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64",
            "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc",
            "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x",
            "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64",
            "5Server:sudo-0:1.6.9p17-6.el5_4.i386",
            "5Server:sudo-0:1.6.9p17-6.el5_4.ia64",
            "5Server:sudo-0:1.6.9p17-6.el5_4.ppc",
            "5Server:sudo-0:1.6.9p17-6.el5_4.s390x",
            "5Server:sudo-0:1.6.9p17-6.el5_4.src",
            "5Server:sudo-0:1.6.9p17-6.el5_4.x86_64",
            "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.i386",
            "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64",
            "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc",
            "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x",
            "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "sudo: sudoedit option can possibly allow for arbitrary code execution"
    },
    {
      "cve": "CVE-2010-0427",
      "discovery_date": "2009-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "567622"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "sudo: Fails to reset group permissions if runas_default set",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue did not affect the versions of the sudo packages as shipped with Red Hat Enterprise Linux 3 and 4.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:sudo-0:1.6.9p17-6.el5_4.i386",
          "5Client:sudo-0:1.6.9p17-6.el5_4.ia64",
          "5Client:sudo-0:1.6.9p17-6.el5_4.ppc",
          "5Client:sudo-0:1.6.9p17-6.el5_4.s390x",
          "5Client:sudo-0:1.6.9p17-6.el5_4.src",
          "5Client:sudo-0:1.6.9p17-6.el5_4.x86_64",
          "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.i386",
          "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64",
          "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc",
          "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x",
          "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64",
          "5Server:sudo-0:1.6.9p17-6.el5_4.i386",
          "5Server:sudo-0:1.6.9p17-6.el5_4.ia64",
          "5Server:sudo-0:1.6.9p17-6.el5_4.ppc",
          "5Server:sudo-0:1.6.9p17-6.el5_4.s390x",
          "5Server:sudo-0:1.6.9p17-6.el5_4.src",
          "5Server:sudo-0:1.6.9p17-6.el5_4.x86_64",
          "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.i386",
          "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64",
          "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc",
          "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x",
          "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2010-0427"
        },
        {
          "category": "external",
          "summary": "RHBZ#567622",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=567622"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0427",
          "url": "https://www.cve.org/CVERecord?id=CVE-2010-0427"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0427",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0427"
        }
      ],
      "release_date": "2009-04-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-02-26T11:06:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:sudo-0:1.6.9p17-6.el5_4.i386",
            "5Client:sudo-0:1.6.9p17-6.el5_4.ia64",
            "5Client:sudo-0:1.6.9p17-6.el5_4.ppc",
            "5Client:sudo-0:1.6.9p17-6.el5_4.s390x",
            "5Client:sudo-0:1.6.9p17-6.el5_4.src",
            "5Client:sudo-0:1.6.9p17-6.el5_4.x86_64",
            "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.i386",
            "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64",
            "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc",
            "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x",
            "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64",
            "5Server:sudo-0:1.6.9p17-6.el5_4.i386",
            "5Server:sudo-0:1.6.9p17-6.el5_4.ia64",
            "5Server:sudo-0:1.6.9p17-6.el5_4.ppc",
            "5Server:sudo-0:1.6.9p17-6.el5_4.s390x",
            "5Server:sudo-0:1.6.9p17-6.el5_4.src",
            "5Server:sudo-0:1.6.9p17-6.el5_4.x86_64",
            "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.i386",
            "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64",
            "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc",
            "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x",
            "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0122"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.6,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "products": [
            "5Client:sudo-0:1.6.9p17-6.el5_4.i386",
            "5Client:sudo-0:1.6.9p17-6.el5_4.ia64",
            "5Client:sudo-0:1.6.9p17-6.el5_4.ppc",
            "5Client:sudo-0:1.6.9p17-6.el5_4.s390x",
            "5Client:sudo-0:1.6.9p17-6.el5_4.src",
            "5Client:sudo-0:1.6.9p17-6.el5_4.x86_64",
            "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.i386",
            "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64",
            "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc",
            "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x",
            "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64",
            "5Server:sudo-0:1.6.9p17-6.el5_4.i386",
            "5Server:sudo-0:1.6.9p17-6.el5_4.ia64",
            "5Server:sudo-0:1.6.9p17-6.el5_4.ppc",
            "5Server:sudo-0:1.6.9p17-6.el5_4.s390x",
            "5Server:sudo-0:1.6.9p17-6.el5_4.src",
            "5Server:sudo-0:1.6.9p17-6.el5_4.x86_64",
            "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.i386",
            "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64",
            "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc",
            "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x",
            "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "sudo: Fails to reset group permissions if runas_default set"
    }
  ]
}

RHSA-2010:0122

Vulnerability from csaf_redhat - Published: 2010-02-26 11:06 - Updated: 2025-11-21 17:35

Summary

Red Hat Security Advisory: sudo security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated sudo package that fixes two security issues is now available for\nRed Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The sudo (superuser do) utility allows system administrators to give\ncertain users the ability to run commands as root.\n\nA privilege escalation flaw was found in the way sudo handled the sudoedit\npseudo-command. If a local user were authorized by the sudoers file to use\nthis pseudo-command, they could possibly leverage this flaw to execute\narbitrary code with the privileges of the root user. (CVE-2010-0426)\n\nThe sudo utility did not properly initialize supplementary groups when the\n\"runas_default\" option (in the sudoers file) was used. If a local user\nwere authorized by the sudoers file to perform their sudo commands under\nthe account specified with \"runas_default\", they would receive the root\nuser\u0027s supplementary groups instead of those of the intended target user,\ngiving them unintended privileges. (CVE-2010-0427)\n\nUsers of sudo should upgrade to this updated package, which contains\nbackported patches to correct these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2010:0122",
        "url": "https://access.redhat.com/errata/RHSA-2010:0122"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#important",
        "url": "http://www.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "567337",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=567337"
      },
      {
        "category": "external",
        "summary": "567622",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=567622"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0122.json"
      }
    ],
    "title": "Red Hat Security Advisory: sudo security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:35:51+00:00",
      "generator": {
        "date": "2025-11-21T17:35:51+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2010:0122",
      "initial_release_date": "2010-02-26T11:06:00+00:00",
      "revision_history": [
        {
          "date": "2010-02-26T11:06:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2010-02-26T06:06:06+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:35:51+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                  "product_id": "5Client",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux (v. 5 server)",
                "product": {
                  "name": "Red Hat Enterprise Linux (v. 5 server)",
                  "product_id": "5Server",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "sudo-0:1.6.9p17-6.el5_4.src",
                "product": {
                  "name": "sudo-0:1.6.9p17-6.el5_4.src",
                  "product_id": "sudo-0:1.6.9p17-6.el5_4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sudo@1.6.9p17-6.el5_4?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "sudo-0:1.6.9p17-6.el5_4.x86_64",
                "product": {
                  "name": "sudo-0:1.6.9p17-6.el5_4.x86_64",
                  "product_id": "sudo-0:1.6.9p17-6.el5_4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sudo@1.6.9p17-6.el5_4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64",
                "product": {
                  "name": "sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64",
                  "product_id": "sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sudo-debuginfo@1.6.9p17-6.el5_4?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "sudo-0:1.6.9p17-6.el5_4.i386",
                "product": {
                  "name": "sudo-0:1.6.9p17-6.el5_4.i386",
                  "product_id": "sudo-0:1.6.9p17-6.el5_4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sudo@1.6.9p17-6.el5_4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "sudo-debuginfo-0:1.6.9p17-6.el5_4.i386",
                "product": {
                  "name": "sudo-debuginfo-0:1.6.9p17-6.el5_4.i386",
                  "product_id": "sudo-debuginfo-0:1.6.9p17-6.el5_4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sudo-debuginfo@1.6.9p17-6.el5_4?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "sudo-0:1.6.9p17-6.el5_4.ia64",
                "product": {
                  "name": "sudo-0:1.6.9p17-6.el5_4.ia64",
                  "product_id": "sudo-0:1.6.9p17-6.el5_4.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sudo@1.6.9p17-6.el5_4?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64",
                "product": {
                  "name": "sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64",
                  "product_id": "sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sudo-debuginfo@1.6.9p17-6.el5_4?arch=ia64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "sudo-0:1.6.9p17-6.el5_4.ppc",
                "product": {
                  "name": "sudo-0:1.6.9p17-6.el5_4.ppc",
                  "product_id": "sudo-0:1.6.9p17-6.el5_4.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sudo@1.6.9p17-6.el5_4?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc",
                "product": {
                  "name": "sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc",
                  "product_id": "sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sudo-debuginfo@1.6.9p17-6.el5_4?arch=ppc"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "sudo-0:1.6.9p17-6.el5_4.s390x",
                "product": {
                  "name": "sudo-0:1.6.9p17-6.el5_4.s390x",
                  "product_id": "sudo-0:1.6.9p17-6.el5_4.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sudo@1.6.9p17-6.el5_4?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x",
                "product": {
                  "name": "sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x",
                  "product_id": "sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/sudo-debuginfo@1.6.9p17-6.el5_4?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-0:1.6.9p17-6.el5_4.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sudo-0:1.6.9p17-6.el5_4.i386"
        },
        "product_reference": "sudo-0:1.6.9p17-6.el5_4.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-0:1.6.9p17-6.el5_4.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sudo-0:1.6.9p17-6.el5_4.ia64"
        },
        "product_reference": "sudo-0:1.6.9p17-6.el5_4.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-0:1.6.9p17-6.el5_4.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sudo-0:1.6.9p17-6.el5_4.ppc"
        },
        "product_reference": "sudo-0:1.6.9p17-6.el5_4.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-0:1.6.9p17-6.el5_4.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sudo-0:1.6.9p17-6.el5_4.s390x"
        },
        "product_reference": "sudo-0:1.6.9p17-6.el5_4.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-0:1.6.9p17-6.el5_4.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sudo-0:1.6.9p17-6.el5_4.src"
        },
        "product_reference": "sudo-0:1.6.9p17-6.el5_4.src",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-0:1.6.9p17-6.el5_4.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sudo-0:1.6.9p17-6.el5_4.x86_64"
        },
        "product_reference": "sudo-0:1.6.9p17-6.el5_4.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-debuginfo-0:1.6.9p17-6.el5_4.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.i386"
        },
        "product_reference": "sudo-debuginfo-0:1.6.9p17-6.el5_4.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64"
        },
        "product_reference": "sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc"
        },
        "product_reference": "sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x"
        },
        "product_reference": "sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64"
        },
        "product_reference": "sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-0:1.6.9p17-6.el5_4.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sudo-0:1.6.9p17-6.el5_4.i386"
        },
        "product_reference": "sudo-0:1.6.9p17-6.el5_4.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-0:1.6.9p17-6.el5_4.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sudo-0:1.6.9p17-6.el5_4.ia64"
        },
        "product_reference": "sudo-0:1.6.9p17-6.el5_4.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-0:1.6.9p17-6.el5_4.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sudo-0:1.6.9p17-6.el5_4.ppc"
        },
        "product_reference": "sudo-0:1.6.9p17-6.el5_4.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-0:1.6.9p17-6.el5_4.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sudo-0:1.6.9p17-6.el5_4.s390x"
        },
        "product_reference": "sudo-0:1.6.9p17-6.el5_4.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-0:1.6.9p17-6.el5_4.src as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sudo-0:1.6.9p17-6.el5_4.src"
        },
        "product_reference": "sudo-0:1.6.9p17-6.el5_4.src",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-0:1.6.9p17-6.el5_4.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sudo-0:1.6.9p17-6.el5_4.x86_64"
        },
        "product_reference": "sudo-0:1.6.9p17-6.el5_4.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-debuginfo-0:1.6.9p17-6.el5_4.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.i386"
        },
        "product_reference": "sudo-debuginfo-0:1.6.9p17-6.el5_4.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64"
        },
        "product_reference": "sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc"
        },
        "product_reference": "sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x"
        },
        "product_reference": "sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64"
        },
        "product_reference": "sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64",
        "relates_to_product_reference": "5Server"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2010-0426",
      "discovery_date": "2010-02-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "567337"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user\u0027s home directory.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "sudo: sudoedit option can possibly allow for arbitrary code execution",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "It did not affect the versions of the sudo package as shipped with Red Hat Enterprise Linux 3 and 4.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:sudo-0:1.6.9p17-6.el5_4.i386",
          "5Client:sudo-0:1.6.9p17-6.el5_4.ia64",
          "5Client:sudo-0:1.6.9p17-6.el5_4.ppc",
          "5Client:sudo-0:1.6.9p17-6.el5_4.s390x",
          "5Client:sudo-0:1.6.9p17-6.el5_4.src",
          "5Client:sudo-0:1.6.9p17-6.el5_4.x86_64",
          "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.i386",
          "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64",
          "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc",
          "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x",
          "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64",
          "5Server:sudo-0:1.6.9p17-6.el5_4.i386",
          "5Server:sudo-0:1.6.9p17-6.el5_4.ia64",
          "5Server:sudo-0:1.6.9p17-6.el5_4.ppc",
          "5Server:sudo-0:1.6.9p17-6.el5_4.s390x",
          "5Server:sudo-0:1.6.9p17-6.el5_4.src",
          "5Server:sudo-0:1.6.9p17-6.el5_4.x86_64",
          "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.i386",
          "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64",
          "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc",
          "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x",
          "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2010-0426"
        },
        {
          "category": "external",
          "summary": "RHBZ#567337",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=567337"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0426",
          "url": "https://www.cve.org/CVERecord?id=CVE-2010-0426"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0426",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0426"
        }
      ],
      "release_date": "2010-02-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-02-26T11:06:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:sudo-0:1.6.9p17-6.el5_4.i386",
            "5Client:sudo-0:1.6.9p17-6.el5_4.ia64",
            "5Client:sudo-0:1.6.9p17-6.el5_4.ppc",
            "5Client:sudo-0:1.6.9p17-6.el5_4.s390x",
            "5Client:sudo-0:1.6.9p17-6.el5_4.src",
            "5Client:sudo-0:1.6.9p17-6.el5_4.x86_64",
            "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.i386",
            "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64",
            "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc",
            "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x",
            "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64",
            "5Server:sudo-0:1.6.9p17-6.el5_4.i386",
            "5Server:sudo-0:1.6.9p17-6.el5_4.ia64",
            "5Server:sudo-0:1.6.9p17-6.el5_4.ppc",
            "5Server:sudo-0:1.6.9p17-6.el5_4.s390x",
            "5Server:sudo-0:1.6.9p17-6.el5_4.src",
            "5Server:sudo-0:1.6.9p17-6.el5_4.x86_64",
            "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.i386",
            "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64",
            "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc",
            "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x",
            "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0122"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.6,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "products": [
            "5Client:sudo-0:1.6.9p17-6.el5_4.i386",
            "5Client:sudo-0:1.6.9p17-6.el5_4.ia64",
            "5Client:sudo-0:1.6.9p17-6.el5_4.ppc",
            "5Client:sudo-0:1.6.9p17-6.el5_4.s390x",
            "5Client:sudo-0:1.6.9p17-6.el5_4.src",
            "5Client:sudo-0:1.6.9p17-6.el5_4.x86_64",
            "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.i386",
            "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64",
            "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc",
            "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x",
            "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64",
            "5Server:sudo-0:1.6.9p17-6.el5_4.i386",
            "5Server:sudo-0:1.6.9p17-6.el5_4.ia64",
            "5Server:sudo-0:1.6.9p17-6.el5_4.ppc",
            "5Server:sudo-0:1.6.9p17-6.el5_4.s390x",
            "5Server:sudo-0:1.6.9p17-6.el5_4.src",
            "5Server:sudo-0:1.6.9p17-6.el5_4.x86_64",
            "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.i386",
            "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64",
            "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc",
            "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x",
            "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "sudo: sudoedit option can possibly allow for arbitrary code execution"
    },
    {
      "cve": "CVE-2010-0427",
      "discovery_date": "2009-04-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "567622"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "sudo: Fails to reset group permissions if runas_default set",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue did not affect the versions of the sudo packages as shipped with Red Hat Enterprise Linux 3 and 4.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client:sudo-0:1.6.9p17-6.el5_4.i386",
          "5Client:sudo-0:1.6.9p17-6.el5_4.ia64",
          "5Client:sudo-0:1.6.9p17-6.el5_4.ppc",
          "5Client:sudo-0:1.6.9p17-6.el5_4.s390x",
          "5Client:sudo-0:1.6.9p17-6.el5_4.src",
          "5Client:sudo-0:1.6.9p17-6.el5_4.x86_64",
          "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.i386",
          "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64",
          "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc",
          "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x",
          "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64",
          "5Server:sudo-0:1.6.9p17-6.el5_4.i386",
          "5Server:sudo-0:1.6.9p17-6.el5_4.ia64",
          "5Server:sudo-0:1.6.9p17-6.el5_4.ppc",
          "5Server:sudo-0:1.6.9p17-6.el5_4.s390x",
          "5Server:sudo-0:1.6.9p17-6.el5_4.src",
          "5Server:sudo-0:1.6.9p17-6.el5_4.x86_64",
          "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.i386",
          "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64",
          "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc",
          "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x",
          "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2010-0427"
        },
        {
          "category": "external",
          "summary": "RHBZ#567622",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=567622"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0427",
          "url": "https://www.cve.org/CVERecord?id=CVE-2010-0427"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0427",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0427"
        }
      ],
      "release_date": "2009-04-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-02-26T11:06:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client:sudo-0:1.6.9p17-6.el5_4.i386",
            "5Client:sudo-0:1.6.9p17-6.el5_4.ia64",
            "5Client:sudo-0:1.6.9p17-6.el5_4.ppc",
            "5Client:sudo-0:1.6.9p17-6.el5_4.s390x",
            "5Client:sudo-0:1.6.9p17-6.el5_4.src",
            "5Client:sudo-0:1.6.9p17-6.el5_4.x86_64",
            "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.i386",
            "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64",
            "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc",
            "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x",
            "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64",
            "5Server:sudo-0:1.6.9p17-6.el5_4.i386",
            "5Server:sudo-0:1.6.9p17-6.el5_4.ia64",
            "5Server:sudo-0:1.6.9p17-6.el5_4.ppc",
            "5Server:sudo-0:1.6.9p17-6.el5_4.s390x",
            "5Server:sudo-0:1.6.9p17-6.el5_4.src",
            "5Server:sudo-0:1.6.9p17-6.el5_4.x86_64",
            "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.i386",
            "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64",
            "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc",
            "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x",
            "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0122"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.6,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "products": [
            "5Client:sudo-0:1.6.9p17-6.el5_4.i386",
            "5Client:sudo-0:1.6.9p17-6.el5_4.ia64",
            "5Client:sudo-0:1.6.9p17-6.el5_4.ppc",
            "5Client:sudo-0:1.6.9p17-6.el5_4.s390x",
            "5Client:sudo-0:1.6.9p17-6.el5_4.src",
            "5Client:sudo-0:1.6.9p17-6.el5_4.x86_64",
            "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.i386",
            "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64",
            "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc",
            "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x",
            "5Client:sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64",
            "5Server:sudo-0:1.6.9p17-6.el5_4.i386",
            "5Server:sudo-0:1.6.9p17-6.el5_4.ia64",
            "5Server:sudo-0:1.6.9p17-6.el5_4.ppc",
            "5Server:sudo-0:1.6.9p17-6.el5_4.s390x",
            "5Server:sudo-0:1.6.9p17-6.el5_4.src",
            "5Server:sudo-0:1.6.9p17-6.el5_4.x86_64",
            "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.i386",
            "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.ia64",
            "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.ppc",
            "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.s390x",
            "5Server:sudo-debuginfo-0:1.6.9p17-6.el5_4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "sudo: Fails to reset group permissions if runas_default set"
    }
  ]
}

GHSA-9J25-F2WW-M5PF

Vulnerability from github – Published: 2022-05-03 03:21 – Updated: 2022-05-03 03:21

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-0426"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-02-24T18:30:00Z",
    "severity": "MODERATE"
  },
  "details": "sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user\u0027s home directory.",
  "id": "GHSA-9j25-f2ww-m5pf",
  "modified": "2022-05-03T03:21:21Z",
  "published": "2022-05-03T03:21:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0426"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10814"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7238"
    },
    {
      "type": "WEB",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570737"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040578.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040588.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38659"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38762"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38795"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38803"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38915"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/39399"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1023658"
    },
    {
      "type": "WEB",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.577019"
    },
    {
      "type": "WEB",
      "url": "http://sudo.ws/bugs/show_bug.cgi?id=389"
    },
    {
      "type": "WEB",
      "url": "http://sudo.ws/repos/sudo/rev/88f3181692fe"
    },
    {
      "type": "WEB",
      "url": "http://sudo.ws/repos/sudo/rev/f86e1b56d074"
    },
    {
      "type": "WEB",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0075"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2010/dsa-2006"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.linuxquestions.org/questions/linux-security-4/the-use-of-sudoedit-command-question-785442"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:049"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/514489/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/38362"
    },
    {
      "type": "WEB",
      "url": "http://www.sudo.ws/sudo/stable.html"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-905-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/0450"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/0949"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2010-0426

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2010-0426

Aliases

CVE-2010-0426

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-0426",
    "description": "sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user\u0027s home directory.",
    "id": "GSD-2010-0426",
    "references": [
      "https://www.suse.com/security/cve/CVE-2010-0426.html",
      "https://www.debian.org/security/2010/dsa-2006",
      "https://access.redhat.com/errata/RHSA-2010:0122",
      "https://linux.oracle.com/cve/CVE-2010-0426.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-0426"
      ],
      "details": "sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user\u0027s home directory.",
      "id": "GSD-2010-0426",
      "modified": "2023-12-13T01:21:28.791467Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2010-0426",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user\u0027s home directory."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html"
          },
          {
            "name": "http://secunia.com/advisories/38915",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/38915"
          },
          {
            "name": "http://wiki.rpath.com/Advisories:rPSA-2010-0075",
            "refsource": "MISC",
            "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0075"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/514489/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/514489/100/0/threaded"
          },
          {
            "name": "ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz",
            "refsource": "MISC",
            "url": "ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz"
          },
          {
            "name": "http://secunia.com/advisories/38762",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/38762"
          },
          {
            "name": "http://secunia.com/advisories/38795",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/38795"
          },
          {
            "name": "http://secunia.com/advisories/38803",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/38803"
          },
          {
            "name": "http://securitytracker.com/id?1023658",
            "refsource": "MISC",
            "url": "http://securitytracker.com/id?1023658"
          },
          {
            "name": "http://www.debian.org/security/2010/dsa-2006",
            "refsource": "MISC",
            "url": "http://www.debian.org/security/2010/dsa-2006"
          },
          {
            "name": "http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml",
            "refsource": "MISC",
            "url": "http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml"
          },
          {
            "name": "http://www.ubuntu.com/usn/USN-905-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/USN-905-1"
          },
          {
            "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570737",
            "refsource": "MISC",
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570737"
          },
          {
            "name": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040578.html",
            "refsource": "MISC",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040578.html"
          },
          {
            "name": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040588.html",
            "refsource": "MISC",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040588.html"
          },
          {
            "name": "http://secunia.com/advisories/38659",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/38659"
          },
          {
            "name": "http://secunia.com/advisories/39399",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/39399"
          },
          {
            "name": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.577019",
            "refsource": "MISC",
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.577019"
          },
          {
            "name": "http://sudo.ws/bugs/show_bug.cgi?id=389",
            "refsource": "MISC",
            "url": "http://sudo.ws/bugs/show_bug.cgi?id=389"
          },
          {
            "name": "http://sudo.ws/repos/sudo/rev/88f3181692fe",
            "refsource": "MISC",
            "url": "http://sudo.ws/repos/sudo/rev/88f3181692fe"
          },
          {
            "name": "http://sudo.ws/repos/sudo/rev/f86e1b56d074",
            "refsource": "MISC",
            "url": "http://sudo.ws/repos/sudo/rev/f86e1b56d074"
          },
          {
            "name": "http://www.linuxquestions.org/questions/linux-security-4/the-use-of-sudoedit-command-question-785442/",
            "refsource": "MISC",
            "url": "http://www.linuxquestions.org/questions/linux-security-4/the-use-of-sudoedit-command-question-785442/"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:049",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:049"
          },
          {
            "name": "http://www.securityfocus.com/bid/38362",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/38362"
          },
          {
            "name": "http://www.sudo.ws/sudo/stable.html",
            "refsource": "MISC",
            "url": "http://www.sudo.ws/sudo/stable.html"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2010/0450",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2010/0450"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2010/0949",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2010/0949"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10814",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10814"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7238",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7238"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.3_p6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.8_p12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.8_p2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.8_p5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.3_p1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.4_p1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.4_p2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.8_p7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.8_p8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.7.2p1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.3_p4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.3_p5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.7_p5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.8_p1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.9_p18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.9_p19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.3_p2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.3_p3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.5_p1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.5_p2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.8_p9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.9_p17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.7.2p2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.7.2p3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2010-0426"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user\u0027s home directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz"
            },
            {
              "name": "http://www.sudo.ws/sudo/stable.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://www.sudo.ws/sudo/stable.html"
            },
            {
              "name": "http://sudo.ws/repos/sudo/rev/88f3181692fe",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://sudo.ws/repos/sudo/rev/88f3181692fe"
            },
            {
              "name": "ADV-2010-0450",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/0450"
            },
            {
              "name": "38362",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/38362"
            },
            {
              "name": "http://www.linuxquestions.org/questions/linux-security-4/the-use-of-sudoedit-command-question-785442/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.linuxquestions.org/questions/linux-security-4/the-use-of-sudoedit-command-question-785442/"
            },
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570737",
              "refsource": "MISC",
              "tags": [],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570737"
            },
            {
              "name": "38659",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/38659"
            },
            {
              "name": "http://sudo.ws/repos/sudo/rev/f86e1b56d074",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://sudo.ws/repos/sudo/rev/f86e1b56d074"
            },
            {
              "name": "http://sudo.ws/bugs/show_bug.cgi?id=389",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://sudo.ws/bugs/show_bug.cgi?id=389"
            },
            {
              "name": "SUSE-SR:2010:006",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html"
            },
            {
              "name": "38915",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/38915"
            },
            {
              "name": "38795",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/38795"
            },
            {
              "name": "USN-905-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-905-1"
            },
            {
              "name": "MDVSA-2010:049",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:049"
            },
            {
              "name": "1023658",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1023658"
            },
            {
              "name": "38803",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/38803"
            },
            {
              "name": "GLSA-201003-01",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml"
            },
            {
              "name": "39399",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/39399"
            },
            {
              "name": "SSA:2010-110-01",
              "refsource": "SLACKWARE",
              "tags": [],
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.577019"
            },
            {
              "name": "ADV-2010-0949",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2010/0949"
            },
            {
              "name": "FEDORA-2010-6749",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040588.html"
            },
            {
              "name": "FEDORA-2010-6701",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040578.html"
            },
            {
              "name": "DSA-2006",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2010/dsa-2006"
            },
            {
              "name": "38762",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/38762"
            },
            {
              "name": "http://wiki.rpath.com/Advisories:rPSA-2010-0075",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0075"
            },
            {
              "name": "oval:org.mitre.oval:def:7238",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7238"
            },
            {
              "name": "oval:org.mitre.oval:def:10814",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10814"
            },
            {
              "name": "20101027 rPSA-2010-0075-1 sudo",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/514489/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-10T19:52Z",
      "publishedDate": "2010-02-24T18:30Z"
    }
  }
}

FKIE_CVE-2010-0426

Vulnerability from fkie_nvd - Published: 2010-02-24 18:30 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz	Patch
secalert@redhat.com	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570737
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040578.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040588.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
secalert@redhat.com	http://secunia.com/advisories/38659	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/38762
secalert@redhat.com	http://secunia.com/advisories/38795
secalert@redhat.com	http://secunia.com/advisories/38803
secalert@redhat.com	http://secunia.com/advisories/38915
secalert@redhat.com	http://secunia.com/advisories/39399
secalert@redhat.com	http://securitytracker.com/id?1023658
secalert@redhat.com	http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.577019
secalert@redhat.com	http://sudo.ws/bugs/show_bug.cgi?id=389
secalert@redhat.com	http://sudo.ws/repos/sudo/rev/88f3181692fe
secalert@redhat.com	http://sudo.ws/repos/sudo/rev/f86e1b56d074
secalert@redhat.com	http://wiki.rpath.com/Advisories:rPSA-2010-0075
secalert@redhat.com	http://www.debian.org/security/2010/dsa-2006
secalert@redhat.com	http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml
secalert@redhat.com	http://www.linuxquestions.org/questions/linux-security-4/the-use-of-sudoedit-command-question-785442/
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2010:049
secalert@redhat.com	http://www.securityfocus.com/archive/1/514489/100/0/threaded
secalert@redhat.com	http://www.securityfocus.com/bid/38362	Patch
secalert@redhat.com	http://www.sudo.ws/sudo/stable.html	Patch
secalert@redhat.com	http://www.ubuntu.com/usn/USN-905-1
secalert@redhat.com	http://www.vupen.com/english/advisories/2010/0450	Vendor Advisory
secalert@redhat.com	http://www.vupen.com/english/advisories/2010/0949
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10814
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7238
af854a3a-2127-422b-91ae-364da2661108	ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz	Patch
af854a3a-2127-422b-91ae-364da2661108	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570737
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040578.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040588.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38659	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38762
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38795
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38803
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38915
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/39399
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1023658
af854a3a-2127-422b-91ae-364da2661108	http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.577019
af854a3a-2127-422b-91ae-364da2661108	http://sudo.ws/bugs/show_bug.cgi?id=389
af854a3a-2127-422b-91ae-364da2661108	http://sudo.ws/repos/sudo/rev/88f3181692fe
af854a3a-2127-422b-91ae-364da2661108	http://sudo.ws/repos/sudo/rev/f86e1b56d074
af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/Advisories:rPSA-2010-0075
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2010/dsa-2006
af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.linuxquestions.org/questions/linux-security-4/the-use-of-sudoedit-command-question-785442/
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2010:049
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/514489/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/38362	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.sudo.ws/sudo/stable.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-905-1
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0450	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0949
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10814
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7238

Impacted products

Vendor	Product	Version
todd_miller	sudo	1.6
todd_miller	sudo	1.6.1
todd_miller	sudo	1.6.2
todd_miller	sudo	1.6.3
todd_miller	sudo	1.6.3_p1
todd_miller	sudo	1.6.3_p2
todd_miller	sudo	1.6.3_p3
todd_miller	sudo	1.6.3_p4
todd_miller	sudo	1.6.3_p5
todd_miller	sudo	1.6.3_p6
todd_miller	sudo	1.6.3_p7
todd_miller	sudo	1.6.4_p1
todd_miller	sudo	1.6.4_p2
todd_miller	sudo	1.6.5_p1
todd_miller	sudo	1.6.5_p2
todd_miller	sudo	1.6.7_p5
todd_miller	sudo	1.6.8_p1
todd_miller	sudo	1.6.8_p2
todd_miller	sudo	1.6.8_p5
todd_miller	sudo	1.6.8_p7
todd_miller	sudo	1.6.8_p8
todd_miller	sudo	1.6.8_p9
todd_miller	sudo	1.6.8_p12
todd_miller	sudo	1.6.9_p17
todd_miller	sudo	1.6.9_p18
todd_miller	sudo	1.6.9_p19
todd_miller	sudo	1.7.0
todd_miller	sudo	1.7.1
todd_miller	sudo	1.7.2
todd_miller	sudo	1.7.2p1
todd_miller	sudo	1.7.2p2
todd_miller	sudo	1.7.2p3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "976B5923-1BCC-4DE6-A904-930DD833B937",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5452DF1-0270-452D-90EB-45E9A084B94C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBFD12E6-F92E-4371-ADA7-BCD41E4C9014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "67FDF4FB-06FA-4A10-A3CF-F52169BC8072",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5B29018-B495-482A-8FF7-66821A178F9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "38718561-70C7-4E0D-9313-87A5E82ED338",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D057064A-9B34-4224-97BA-4D5840A92BE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3C297DC-69B1-4BE6-A5EF-D320BD0CA968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F4C1FFB-F6AA-4DED-9C54-DCB274F59A44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p6:*:*:*:*:*:*:*",
              "matchCriteriaId": "338A92AC-92D2-40BF-9FAC-884AF6F74D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*",
              "matchCriteriaId": "26DB5610-03CE-425E-8855-70D5787029FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4_p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5170421-BA0C-4365-9CD6-BD232EA08680",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4_p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5909AAA4-4AF9-4D23-87C5-5D7787909B02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.5_p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "03C07744-CAE8-44C6-965E-2A09BAE1F36C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.5_p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B17E0E59-C928-49AB-BAA7-4AE638B376D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7_p5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C898BE7-506D-49DA-8619-F86C7A9FE902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "51F7E821-2908-47F1-9665-E9D68ECC242F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C90D0AB4-F8A8-4301-99B5-757254FA999A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A79C7098-37D0-4E6E-A22C-3C771D81956F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p7:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB7D2832-B654-406E-AA34-B3BD1D6F0A2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5688D95-89EF-4D2E-9728-2316CAC3CBE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B69E49B2-1B3C-4434-ACF1-CF4F519E3C32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p12:*:*:*:*:*:*:*",
              "matchCriteriaId": "31B2C299-5D0B-44DA-91FD-4B1146BE9A7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9_p17:*:*:*:*:*:*:*",
              "matchCriteriaId": "471284F9-21EF-4ED6-860F-AB86154CCDF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9_p18:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C91FEB5-CEF5-4C66-A8D2-AE80EA32B10D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9_p19:*:*:*:*:*:*:*",
              "matchCriteriaId": "E106EBA5-14B3-48F7-BE00-9F0ABD57C33B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "643ABD1F-83E1-4B71-AA59-8CF8B4018A46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8967DE4C-3D41-4BCE-97B0-469FCFBCE332",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C0D8CB9-3156-4F7F-A616-59EF530540D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2C91B0A-44B6-4B33-A0ED-295C56D97546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "07945224-A955-4A33-B54B-11D128FCA0F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p3:*:*:*:*:*:*:*",
              "matchCriteriaId": "41F70C45-9522-4F49-A5B9-62E03410F03E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user\u0027s home directory."
    },
    {
      "lang": "es",
      "value": "sudo v1.6.x anterior a v1.6.9p21 y v1.7.x anterior a v1.7.2p4, cuando un pseudo-comando est\u00e1 activado, permite la coincidencia entre el nombre del pseudo-comando y el nombre de un archivo ejecutable en un directorio cualquiera, lo que permite a usuarios locales obtener privilegios a trav\u00e9s de un archivo ejecutable manipulado, como se ha demostrado mediante el archivo sudoedit en el directorio home de un usuario."
    }
  ],
  "id": "CVE-2010-0426",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-02-24T18:30:00.627",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570737"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040578.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040588.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38659"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/38762"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/38795"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/38803"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/38915"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/39399"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securitytracker.com/id?1023658"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.577019"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sudo.ws/bugs/show_bug.cgi?id=389"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sudo.ws/repos/sudo/rev/88f3181692fe"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sudo.ws/repos/sudo/rev/f86e1b56d074"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0075"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2010/dsa-2006"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.linuxquestions.org/questions/linux-security-4/the-use-of-sudoedit-command-question-785442/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:049"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/514489/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/38362"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.sudo.ws/sudo/stable.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-905-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0450"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/0949"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10814"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7238"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570737"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040578.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040588.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38659"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/38762"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/38795"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/38803"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/38915"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/39399"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1023658"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.577019"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sudo.ws/bugs/show_bug.cgi?id=389"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sudo.ws/repos/sudo/rev/88f3181692fe"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sudo.ws/repos/sudo/rev/f86e1b56d074"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0075"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2010/dsa-2006"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.linuxquestions.org/questions/linux-security-4/the-use-of-sudoedit-command-question-785442/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:049"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/514489/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/38362"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.sudo.ws/sudo/stable.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-905-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0450"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/0949"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10814"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7238"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vendorComments": [
    {
      "comment": "This issue was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2010-0122.html\n\nIt did not affect the versions of the sudo package as shipped with Red Hat Enterprise Linux 3 and 4.",
      "lastModified": "2010-03-02T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-0426 (GCVE-0-2010-0426)

CERTFR-2014-AVI-480

Solution

CERTFR-2014-AVI-480

Solution

RHSA-2010_0122

RHSA-2010:0122

GHSA-9J25-F2WW-M5PF

GSD-2010-0426

FKIE_CVE-2010-0426

Tags

Sightings

Nomenclature