Strix
26.1K

CVE-2010-0426

UnknownEPSS 1.13%

Last modified

CVE-2010-0426 is a vulnerability of currently unknown severity. sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory.. EPSS estimates a 1.13% chance of exploitation in the next 30 days.

Description

sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory.

Metrics

EPSS Probability
1.13%

62.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
Todd MillerSudo1.6
Todd MillerSudo1.6.1
Todd MillerSudo1.6.2
Todd MillerSudo1.6.3
Todd MillerSudo1.6.3_p1
Todd MillerSudo1.6.3_p2
Todd MillerSudo1.6.3_p3
Todd MillerSudo1.6.3_p4
Todd MillerSudo1.6.3_p5
Todd MillerSudo1.6.3_p6
Todd MillerSudo1.6.3_p7
Todd MillerSudo1.6.4_p1
Todd MillerSudo1.6.4_p2
Todd MillerSudo1.6.5_p1
Todd MillerSudo1.6.5_p2
Todd MillerSudo1.6.7_p5
Todd MillerSudo1.6.8_p1
Todd MillerSudo1.6.8_p2
Todd MillerSudo1.6.8_p5
Todd MillerSudo1.6.8_p7
Todd MillerSudo1.6.8_p8
Todd MillerSudo1.6.8_p9
Todd MillerSudo1.6.8_p12
Todd MillerSudo1.6.9_p17
Todd MillerSudo1.6.9_p18
Todd MillerSudo1.6.9_p19
Todd MillerSudo1.7.0
Todd MillerSudo1.7.1
Todd MillerSudo1.7.2
Todd MillerSudo1.7.2p1
Todd MillerSudo1.7.2p2
Todd MillerSudo1.7.2p3

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2010-0426?
sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory.
How severe is CVE-2010-0426?
Severity scoring for CVE-2010-0426 is pending analysis. The EPSS model estimates a 1.13% probability of exploitation in the next 30 days.
How do I fix CVE-2010-0426?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2010-0426?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST