CVE-2010-1646 Information
Description
The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable.
Reference
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042838.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043012.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043026.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://secunia.com/advisories/40002
http://secunia.com/advisories/40188
http://secunia.com/advisories/40215
http://secunia.com/advisories/40508
http://secunia.com/advisories/43068
http://security.gentoo.org/glsa/glsa-201009-03.xml
http://wiki.rpath.com/Advisories:rPSA-2010-0075
http://www.debian.org/security/2010/dsa-2062
http://www.mandriva.com/security/advisories?name=MDVSA-2010:118
http://www.osvdb.org/65083
http://www.redhat.com/support/errata/RHSA-2010-0475.html
http://www.securityfocus.com/archive/1/514489/100/0/threaded
http://www.securityfocus.com/bid/40538
http://www.securitytracker.com/id?1024101
http://www.sudo.ws/repos/sudo/rev/3057fde43cf0
http://www.sudo.ws/repos/sudo/rev/a09c6812eaec
http://www.sudo.ws/sudo/alerts/secure_path.html
http://www.vupen.com/english/advisories/2010/1452
http://www.vupen.com/english/advisories/2010/1478
http://www.vupen.com/english/advisories/2010/1518
http://www.vupen.com/english/advisories/2010/1519
http://www.vupen.com/english/advisories/2011/0212
https://bugzilla.redhat.com/show_bug.cgi?id=598154
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10580
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A7338