CVE-2010-0426

sudo 1.6.x < 1.6.9p21 and 1.7.x < 1.7.2p4 - Privilege Escalation via Pseudo-Command Matching

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2010-0426. PoCs published by t0kx, g1vi, cved-sources.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2010-0426, a local privilege escalation vulnerability in Sudo versions 1.6.x to 1.6.9p21 and 1.7.x to 1.7.2p4. The exploit leverages a flaw in sudoedit to execute arbitrary commands as root by replacing the sudoedit binary with a malicious script.

Description

sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory.

Exploits (3)

nomisec WORKING POC 10 stars
by t0kx · poc
https://github.com/t0kx/privesc-CVE-2010-0426

This repository contains a functional exploit for CVE-2010-0426, a local privilege escalation vulnerability in Sudo versions 1.6.x to 1.6.9p21 and 1.7.x to 1.7.2p4. The exploit leverages a flaw in sudoedit to execute arbitrary commands as root by replacing the sudoedit binary with a malicious script.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: Sudo 1.6.x to 1.6.9p21 and 1.7.x to 1.7.2p4
Auth required
Prerequisites: Access to a vulnerable Sudo installation · Ability to execute sudoedit with NOPASSWD configuration
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC 1 stars
by g1vi · poc
https://github.com/g1vi/CVE-2010-0426

The repository contains a functional exploit for CVE-2010-0426, which leverages a vulnerability in sudo versions 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4. The exploit creates a malicious 'sudoedit' executable in /var/tmp and uses sudo to execute it, escalating privileges to root.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4
Auth required
Prerequisites: sudoedit binary with suid permission · ability to create executable files in /var/tmp · sudo -l shows an editable file via sudoedit
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC
by cved-sources · poc
https://github.com/cved-sources/cve-2010-0426

This repository provides a Dockerized environment for CVE-2010-0426, a privilege escalation vulnerability in sudo versions before 1.7.4. The Dockerfile sets up a vulnerable sudo 1.7.2 installation and configures a user with sudoedit privileges, allowing exploitation of the vulnerability.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: sudo versions before 1.7.4
Auth required
Prerequisites: Access to a system with vulnerable sudo version · User with sudoedit privileges
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (29)

Core 29
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/38803
Various Sources x_refsource_confirm
http://sudo.ws/repos/sudo/rev/88f3181692fe
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7238
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:049
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040578.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/38762
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2010/dsa-2006
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39399
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/38362
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040588.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/514489/100/0/threaded
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-905-1
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10814
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0949
Various Sources x_refsource_confirm
http://sudo.ws/bugs/show_bug.cgi?id=389
Third Party Advisory x_refsource_confirm
http://wiki.rpath.com/Advisories:rPSA-2010-0075
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0450
Patch x_refsource_confirm
http://www.sudo.ws/sudo/stable.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/38659
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/38795
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/38915
Various Sources x_refsource_confirm
http://sudo.ws/repos/sudo/rev/f86e1b56d074
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1023658

Scores

EPSS 0.0112
EPSS Percentile 62.0%

Details

CWE
CWE-264
Status published
Products (32)
todd_miller/sudo 1.6
todd_miller/sudo 1.6.1
todd_miller/sudo 1.6.2
todd_miller/sudo 1.6.3
todd_miller/sudo 1.6.3_p1
todd_miller/sudo 1.6.3_p2
todd_miller/sudo 1.6.3_p3
todd_miller/sudo 1.6.3_p4
todd_miller/sudo 1.6.3_p5
todd_miller/sudo 1.6.3_p6
... and 22 more
Published Feb 24, 2010
Tracked Since Feb 18, 2026