Lucene search
GoogleOSV:DLA-160-1HistoryFeb 27, 2015 - 12:00 a.m.
sudo - security update
2015-02-2700:00:00
Google
osv.dev
14
0.0004 Low
EPSS
Percentile
5.1%
This update fixes the CVEs described below.
- CVE-2014-0106
Todd C. Miller reported that if the env_reset option is disabled
in the sudoers file, the env_delete option is not correctly
applied to environment variables specified on the command line. A
malicious user with sudo permissions may be able to run arbitrary
commands with elevated privileges by manipulating the environment
of a command the user is legitimately allowed to run. - CVE-2014-9680
Jakub Wilk reported that sudo preserves the TZ variable from a
user’s environment without any sanitization. A user with sudo
access may take advantage of this to exploit bugs in the C library
functions which parse the TZ environment variable or to open files
that the user would not otherwise be able to open. The latter
could potentially cause changes in system behavior when reading
certain device special files or cause the program run via sudo to
block.
For the oldstable distribution (squeeze), these problems have been fixed
in version 1.7.4p4-2.squeeze.5.
For the stable distribution (wheezy), they have been fixed in version
1.8.5p2-1+nmu2.
We recommend that you upgrade your sudo packages.
| CPE | Name | Operator | Version |
|---|---|---|---|
| sudo | eq | 1.7.4p4-2.squeeze.1 | |
| sudo | eq | 1.7.4p4-2.squeeze.4 | |
| sudo | eq | 1.7.4p4-2.squeeze.3 | |
| sudo | eq | 1.7.4p4-2.squeeze.2 |
References
Related
nessus
nessus
Debian DLA-160-1 : sudo security update
2015-03-26 00:00:00
Mandriva Linux Security Advisory : sudo (MDVSA-2015:126)
2015-03-30 00:00:00
openSUSE Security Update : sudo (openSUSE-2015-703)
2015-11-05 00:00:00
debian
debian
[SECURITY] [DLA 160-1] sudo security update
2015-02-27 20:08:38
[SECURITY] [DSA 3167-1] sudo security update
2015-02-22 10:16:41
[SECURITY] [DSA 3167-1] sudo security update
2015-02-22 10:16:41
openvas
openvas
Debian: Security Advisory (DLA-160-1)
2023-03-08 00:00:00
Fedora Update for sudo FEDORA-2015-2281
2015-02-23 00:00:00
Fedora Update for sudo FEDORA-2015-2247
2015-02-25 00:00:00
centos
centos
sudo security update
2015-07-26 14:12:38
sudo security update
2014-03-10 16:34:59
securityvulns
securityvulns
sudo privilege escalation
2015-03-08 00:00:00
[SECURITY] [DSA 3167-1] sudo security update
2015-03-08 00:00:00
sudo security vulnerabilities
2014-03-18 00:00:00
redhat
redhat
(RHSA-2015:1409) Moderate: sudo security, bug fix, and enhancement update
2015-07-22 00:00:00
(RHSA-2014:0266) Moderate: sudo security update
2014-03-10 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: sudo-1.8.12-1.fc21
2015-02-22 06:04:59
[SECURITY] Fedora 20 Update: sudo-1.8.12-1.fc20
2015-02-23 23:25:03
debiancve
debiancve
CVE-2014-9680
2017-04-24 06:59:00
CVE-2014-0106
2014-03-11 19:37:03
gentoo
gentoo
sudo: Information disclosure
2015-04-11 00:00:00
sudo: Privilege escalation
2014-06-27 00:00:00
veracode
veracode
Arbitrary File Read
2019-01-15 09:06:44
Authorization Bypass
2019-01-15 08:58:20
slackware
slackware
[slackware-security] sudo
2015-02-16 21:15:57
[slackware-security] sudo
2014-03-06 05:36:43
oraclelinux
oraclelinux
sudo security, bug fix, and enhancement update
2015-07-28 00:00:00
sudo security update
2014-03-10 00:00:00
mageia
mageia
Updated sudo packages fix CVE-2014-9680
2015-02-19 17:43:07
ibm
ibm
cve
cve
CVE-2014-9680
2017-04-24 06:59:00
CVE-2014-0106
2014-03-11 19:37:03
ubuntucve
ubuntucve
CVE-2014-9680
2014-12-31 00:00:00
CVE-2014-0106
2014-03-11 00:00:00
prion
prion
Code injection
2017-04-24 06:59:00
Command injection
2014-03-11 19:37:00
cvelist
cvelist
CVE-2014-9680
2017-04-24 06:12:00
CVE-2014-0106
2014-03-11 15:00:00
ubuntu
ubuntu
Sudo vulnerability
2015-03-16 00:00:00
Sudo vulnerabilities
2014-03-13 00:00:00
osv
osv
sudo - security update
2015-02-22 00:00:00
nvd
nvd
CVE-2014-9680
2017-04-24 06:59:00
CVE-2014-0106
2014-03-11 19:37:03
suse
suse
Security update for sudo (important)
2014-04-03 20:04:17
seebug
seebug
Todd Miller Sudo 'validate_env_vars()'本地权限提升漏洞
2014-03-12 00:00:00
