CVE-2014-0106

2014-03-1119:37:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2014-0106

sudo

environment variables

command restrictions

security issue

3.5 Low

AI Score

Confidence

High

6.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:S/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.

CPENameOperatorVersion
apple:mac_os_xapple mac os xle10.10.4
todd_miller:sudotodd miller sudoeq1.8.4p5
todd_miller:sudotodd miller sudoeq1.7.10p10
todd_miller:sudotodd miller sudoeq1.7.2p4
todd_miller:sudotodd miller sudoeq1.7.10p6
todd_miller:sudotodd miller sudoeq1.7.0
todd_miller:sudotodd miller sudoeq1.7.4p2
todd_miller:sudotodd miller sudoeq1.8.4p1
todd_miller:sudotodd miller sudoeq1.8.4
todd_miller:sudotodd miller sudoeq1.8.4p3

CPE	Name	Operator	Version
apple:mac_os_x	apple mac os x	le	10.10.4
todd_miller:sudo	todd miller sudo	eq	1.8.4p5
todd_miller:sudo	todd miller sudo	eq	1.7.10p10
todd_miller:sudo	todd miller sudo	eq	1.7.2p4
todd_miller:sudo	todd miller sudo	eq	1.7.10p6
todd_miller:sudo	todd miller sudo	eq	1.7.0
todd_miller:sudo	todd miller sudo	eq	1.7.4p2
todd_miller:sudo	todd miller sudo	eq	1.8.4p1
todd_miller:sudo	todd miller sudo	eq	1.8.4
todd_miller:sudo	todd miller sudo	eq	1.8.4p3