PT-2010-1032 · Todd Miller+2 · Sudo+2
Anders Kaseorg +1 · Published 2010-06-07 · Updated 2024-06-15
CVE-2010-1646
CVSS v2.0: 6.2 (Medium)
Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
sudo versions 1.3.1 through 1.6.9p22
sudo versions 1.7.0 through 1.7.2p6
Description
The secure path feature in sudo does not properly handle an environment that contains multiple PATH variables. This could allow local users to gain privileges via a crafted value of the last PATH variable. Multiple vulnerabilities in the sudo package may lead to loss of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited by a local attacker.
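The failure mode described above, as an added C example that is not sudo's code or its fix: helpers that count the definitions of a variable in an envp array, return the value a consumer honouring the last definition would read, and rewrite the array so exactly one definition remains. All function names are hypothetical and the sample environment is constructed.

```c
#include <string.h>

/* Illustrative helpers, not sudo's code. 1 if entry is exactly "name=...". */
static int env_is(const char *entry, const char *name)
{
    return strncmp(entry, name, strlen(name)) == 0 && entry[strlen(name)] == '=';
}

/* Number of definitions of name in a NULL-terminated environment. */
int env_count(char *const envp[], const char *name)
{
    int c = 0;
    for (size_t i = 0; envp[i] != NULL; i++)
        c += env_is(envp[i], name);
    return c;
}

/* Value a consumer that honours the last definition reads; NULL if unset. */
const char *env_get_last(char *const envp[], const char *name)
{
    const char *v = NULL;
    for (size_t i = 0; envp[i] != NULL; i++)
        if (env_is(envp[i], name))
            v = envp[i] + strlen(name) + 1;
    return v;
}

/* Keep one definition of name, set to replacement ("NAME=value"), in place.
 * Returns the number of extra entries dropped, or -1 if name was absent. */
int env_set_unique(char *envp[], const char *name, char *replacement)
{
    size_t out = 0;
    int seen = 0, dropped = 0;
    for (size_t in = 0; envp[in] != NULL; in++) {
        if (!env_is(envp[in], name))
            envp[out++] = envp[in];
        else if (seen++ == 0)
            envp[out++] = replacement;
        else
            dropped++;
    }
    envp[out] = NULL;
    return seen ? dropped : -1;
}

int main(void)
{
    char *env[] = { "HOME=/root", "PATH=/first", "PATH=/second", NULL }; /* constructed */
    env_set_unique(env, "PATH", "PATH=/usr/sbin:/usr/bin");
    return env_count(env, "PATH") == 1 ? 0 : 1;
}
```

A count greater than 1 for any security-relevant variable is the condition to reject or normalise before the environment is handed to a child process.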
Recommendations
For sudo versions 1.3.1 through 1.6.9p22, update to a version newer than 1.6.9p22 to resolve the issue.
For sudo versions 1.7.0 through 1.7.2p6, update to a version newer than 1.7.2p6 to resolve the issue.
As a temporary workaround, consider restricting access to the sudo functionality until a patch is available.
Affected Products
Alt Linux
Red Hat
Sudo