Unrated severity · NVD Advisory · Published Jun 7, 2010 · Updated Apr 29, 2026
CVE-2010-1646
Description
The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable.
Affected products
- cpe:2.3:a:todd_miller:sudo:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.2p1:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.2p2:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.2p3:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.3p1:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.3p2:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.3p3:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.3p4:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.3p5:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.3p6:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.3p7:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.4p1:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.4p2:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.5p1:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.5p2:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.7p1:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.7p2:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.7p3:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.7p4:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.7p5:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.8p1:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.9p6:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.9p7:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.9p8:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.9p12:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.9p13:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.9p14:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.9p15:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.9p16:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.9p17:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.9p18:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.9p19:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.9p20:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.9p21:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.9p22:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.2p1:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.2p2:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.2p3:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.2p4:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.2p5:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.2p6:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.2p7:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.8p2:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.8p3:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.8p4:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.8p5:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.8p6:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.8p7:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.8p8:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.8p9:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.8p10:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.8p11:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.8p12:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.9:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.9p1:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.9p2:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.9p3:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.9p4:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.9p5:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.9p9:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.9p10:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.9p11:*:*:*:*:*:*:*
References
- www.sudo.ws/repos/sudo/rev/3057fde43cf0 (nvd; Exploit, Patch)
- www.sudo.ws/repos/sudo/rev/a09c6812eaec (nvd; Exploit, Patch)
- secunia.com/advisories/40002 (nvd; Vendor Advisory)
- www.sudo.ws/sudo/alerts/secure_path.html (nvd; Vendor Advisory)
- lists.fedoraproject.org/pipermail/package-announce/2010-June/042838.html (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2010-June/043012.html (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2010-June/043026.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html (nvd)
- secunia.com/advisories/40188 (nvd)
- secunia.com/advisories/40215 (nvd)
- secunia.com/advisories/40508 (nvd)
- secunia.com/advisories/43068 (nvd)
- security.gentoo.org/glsa/glsa-201009-03.xml (nvd)
- wiki.rpath.com/Advisories:rPSA-2010-0075 (nvd)
- www.debian.org/security/2010/dsa-2062 (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.osvdb.org/65083 (nvd)
- www.redhat.com/support/errata/RHSA-2010-0475.html (nvd)
- www.securityfocus.com/archive/1/514489/100/0/threaded (nvd)
- www.securityfocus.com/bid/40538 (nvd)
- www.securitytracker.com/id (nvd)
- www.vupen.com/english/advisories/2010/1452 (nvd)
- www.vupen.com/english/advisories/2010/1478 (nvd)
- www.vupen.com/english/advisories/2010/1518 (nvd)
- www.vupen.com/english/advisories/2010/1519 (nvd)
- www.vupen.com/english/advisories/2011/0212 (nvd)
- bugzilla.redhat.com/show_bug.cgi (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10580 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7338 (nvd)