Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2014-0106HistoryMar 11, 2014 - 7:37 p.m.
CVE-2014-0106
2014-03-1119:37:00
Debian Security Bug Tracker
security-tracker.debian.org
4
6.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:S/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.3%
Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | sudo | < 1.8.5p2-1 | sudo_1.8.5p2-1_all.deb |
| Debian | 11 | all | sudo | < 1.8.5p2-1 | sudo_1.8.5p2-1_all.deb |
| Debian | 10 | all | sudo | < 1.8.5p2-1 | sudo_1.8.5p2-1_all.deb |
| Debian | 999 | all | sudo | < 1.8.5p2-1 | sudo_1.8.5p2-1_all.deb |
| Debian | 13 | all | sudo | < 1.8.5p2-1 | sudo_1.8.5p2-1_all.deb |
Related
suse
suse
Security update for sudo (important)
2014-04-03 20:04:17
nessus
nessus
Oracle Linux 5 : sudo (ELSA-2014-0266)
2014-03-11 00:00:00
CentOS 5 : sudo (CESA-2014:0266)
2014-03-11 00:00:00
RHEL 5 : sudo (RHSA-2014:0266)
2014-03-11 00:00:00
gentoo
gentoo
sudo: Privilege escalation
2014-06-27 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2014-064-01)
2022-04-21 00:00:00
RedHat Update for sudo RHSA-2014:0266-01
2014-03-12 00:00:00
CentOS Update for sudo CESA-2014:0266 centos5
2014-03-12 00:00:00
oraclelinux
oraclelinux
sudo security update
2014-03-10 00:00:00
prion
prion
Command injection
2014-03-11 19:37:00
securityvulns
securityvulns
sudo security vulnerabilities
2014-03-18 00:00:00
[USN-2146-1] Sudo vulnerabilities
2014-03-18 00:00:00
APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006
2015-08-17 00:00:00
cve
cve
CVE-2014-0106
2014-03-11 19:37:00
slackware
slackware
[slackware-security] sudo
2014-03-06 05:36:43
veracode
veracode
Authorization Bypass
2019-01-15 08:58:20
ubuntu
ubuntu
Sudo vulnerabilities
2014-03-13 00:00:00
redhat
redhat
(RHSA-2014:0266) Moderate: sudo security update
2014-03-10 00:00:00
seebug
seebug
Todd Miller Sudo 'validate_env_vars()'本地权限提升漏洞
2014-03-12 00:00:00
ubuntucve
ubuntucve
CVE-2014-0106
2014-03-11 00:00:00
centos
centos
sudo security update
2014-03-10 16:34:59
debian
debian
[SECURITY] [DLA 160-1] sudo security update
2015-02-27 20:08:38
osv
osv
sudo - security update
2015-02-27 00:00:00
6.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:S/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.3%
Related for DEBIANCVE:CVE-2014-0106