VYPR
Unrated severity · NVD Advisory · Published Apr 16, 2010 · Updated Apr 29, 2026

CVE-2010-1163

Description

The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle the case where a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".". This allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit. This is a different vulnerability than CVE-2010-0426.

Affected products

  • Todd Miller/Sudo: 21 versions
    • cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.6.8_p1:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.6.8_p12:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.6.8_p2:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.6.8_p5:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.6.8_p7:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.6.8p7:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.6.8_p8:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.6.8_p9:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.6.9_p17:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.6.9_p18:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.6.9_p19:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.6.9_p20:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.6.9_p21:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.6.9_p22:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.2p1:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.2p2:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.2p3:*:*:*:*:*:*:*
    • cpe:2.3:a:todd_miller:sudo:1.7.2p4:*:*:*:*:*:*:*

Patches

No patches discovered yet.

References

28
