Vulnerability details: VCID-e63a-865g-aaap
Vulnerability ID VCID-e63a-865g-aaap
Aliases CVE-2010-1163
Summary The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Weaknesses (1)
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2010:0361
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2010-1163
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2010-1163
epss 0.00703 https://api.first.org/data/v1/epss?cve=CVE-2010-1163
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=580441
cvssv2 6.9 https://nvd.nist.gov/vuln/detail/CVE-2010-1163
Reference id Reference type URL
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039986.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1163.json
https://api.first.org/data/v1/epss?cve=CVE-2010-1163
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1163
http://secunia.com/advisories/39384
http://secunia.com/advisories/39399
http://secunia.com/advisories/39474
http://secunia.com/advisories/39543
http://secunia.com/advisories/43068
https://exchange.xforce.ibmcloud.com/vulnerabilities/57836
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.577019
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9382
http://wiki.rpath.com/Advisories:rPSA-2010-0075
http://www.mandriva.com/security/advisories?name=MDVSA-2010:078
http://www.osvdb.org/63878
http://www.redhat.com/support/errata/RHSA-2010-0361.html
http://www.securityfocus.com/archive/1/510827/100/0/threaded
http://www.securityfocus.com/archive/1/510846/100/0/threaded
http://www.securityfocus.com/archive/1/510880/100/0/threaded
http://www.securityfocus.com/archive/1/514489/100/0/threaded
http://www.securityfocus.com/bid/39468
http://www.sudo.ws/sudo/alerts/sudoedit_escalate2.html
http://www.ubuntu.com/usn/USN-928-1
http://www.vupen.com/english/advisories/2010/0881
http://www.vupen.com/english/advisories/2010/0895
http://www.vupen.com/english/advisories/2010/0904
http://www.vupen.com/english/advisories/2010/0949
http://www.vupen.com/english/advisories/2010/0956
http://www.vupen.com/english/advisories/2010/1019
http://www.vupen.com/english/advisories/2011/0212
578275 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578275
580441 https://bugzilla.redhat.com/show_bug.cgi?id=580441
cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.8_p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.8_p12:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.8_p2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.8_p5:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.8_p7:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8p7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.8p7:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.8_p8:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.8_p9:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9_p17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.9_p17:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9_p18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.9_p18:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9_p19:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.9_p19:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9_p20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.9_p20:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9_p21:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.9_p21:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.9_p22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.9_p22:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.2p1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.2p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.2p2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.2p2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.2p3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.2p3:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.7.2p4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.7.2p4:*:*:*:*:*:*:*
CVE-2010-1163 https://nvd.nist.gov/vuln/detail/CVE-2010-1163
GLSA-201006-09 https://security.gentoo.org/glsa/201006-09
RHSA-2010:0361 https://access.redhat.com/errata/RHSA-2010:0361
No exploits are available.
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2010-1163
Exploitability (E): not specified in the vector
Access Vector (AV): local
Access Complexity (AC): medium
Authentication (Au): none
Confidentiality Impact (C): complete
Integrity Impact (I): complete
Availability Impact (A): complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.10982
EPSS Score 0.00044
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.