PT-2010-1078 · Todd Miller+2 · Sudo+2

Published: 2010-02-24 · Updated: 2018-10-10 · CVE-2010-0426

CVSS v2.0: 6.9 (Medium)
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
sudo versions 1.6.x through 1.6.9p20
sudo versions 1.7.x through 1.7.2p3

Description
The issue allows local users to gain privileges via a crafted executable file, potentially leading to a breach of the confidentiality, integrity, and availability of protected information. It arises when the name of a pseudo-command matches the name of an executable file in an arbitrary directory; for example, a file named sudoedit in a user's home directory can be used for exploitation. The estimated number of potentially affected devices is not provided.

Recommendations
For sudo versions 1.6.x through 1.6.9p20, update to version 1.6.9p21 or later. For sudo versions 1.7.x through 1.7.2p3, update to version 1.7.2p4 or later. As a temporary workaround, consider disabling the pseudo-command feature until a patch is available. Restrict access to arbitrary directories to minimize the risk of exploitation. Avoid using crafted executable files in user directories until the issue is resolved.
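As an added illustration that is not part of the advisory, the following Python maps a sudo version string (for example the first line of `sudo -V` output) onto the affected ranges and fix versions stated above, so an inventory script can flag hosts that still need the update. The sample input is constructed.

```python
import re

# Affected ranges and fix versions exactly as stated in the advisory for CVE-2010-0426.
# Versions are compared as (major, minor, patch, plevel) tuples.
AFFECTED = [
    # (branch, first affected, last affected, fixed-in)
    ((1, 6), (1, 6, 0, 0), (1, 6, 9, 20), "1.6.9p21"),
    ((1, 7), (1, 7, 0, 0), (1, 7, 2, 3), "1.7.2p4"),
]

VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:p(\d+))?")


def parse_sudo_version(text):
    """Extract (major, minor, patch, plevel) from 'sudo -V' output or a bare
    version string. A missing patch number or 'pN' suffix counts as 0."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no sudo version found in: {text!r}")
    major, minor, patch, plevel = m.groups()
    return (int(major), int(minor), int(patch or 0), int(plevel or 0))


def assess(text):
    """Return (vulnerable, fixed_in): fixed_in is the advisory's fix version for
    the matching branch, or None when the version is outside the affected ranges."""
    v = parse_sudo_version(text)
    for branch, first, last, fixed in AFFECTED:
        if v[:2] == branch and first <= v <= last:
            return True, fixed
    return False, None


if __name__ == "__main__":
    # Constructed sample of 'sudo -V' output, not captured from a real host.
    sample = "Sudo version 1.7.2p3\nSudoers policy plugin version 1.7.2p3\n"
    vulnerable, fixed = assess(sample)
    if vulnerable:
        print(f"affected by CVE-2010-0426; update to {fixed} or later")
    else:
        print("not within the affected sudo version ranges")
```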


Related Identifiers

ALT-PU-2015-2014
ALT-PU-2017-1056
BDU:2015-08594
BDU:2015-09414
CESA-2012_1081
CESA-2013_1701
CESA-2015_1409
CESA-2016_2872
CVE-2010-0426
DSA-2006-1
RHSA-2010:0122
RHSA-2010_0122
RHSA-2010_0361
RHSA-2010_0475
RHSA-2012_1081
RHSA-2013_1353
RHSA-2013_1701
RHSA-2015_1409
RHSA-2016_2872

Affected Products

Alt Linux
Red Hat
Sudo