This CVE name corresponds to:
Entered | Topic |
---|---|
2010-04-15 | sudo -- Privilege escalation with sudoedit |
The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.
Type | Candidate |
Name | CVE-2010-1163 |
Phase | Assigned(20100329) |
The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426.
Copyright © 2005 The MITRE Corporation.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright
information.