Lucene search
RootSSV:61746HistoryMar 12, 2014 - 12:00 a.m.
Todd Miller Sudo 'validate_env_vars()'本地权限提升漏洞
2014-03-1200:00:00
Root
www.seebug.org
19
0.0004 Low
EPSS
Percentile
5.7%
BUGTRAQ ID: 65997
CVE(CAN) ID: CVE-2014-0106
Sudo是允许系统管理员让普通用户执行一些或者全部的root命令的一个工具,减少了root用户的登陆和管理时间,提高了安全性。
sudo 1.6.9-1.8.4p5版本启用后env_reset后,没有正确过滤某些环境变量,在实现上存在本地权限提升漏洞,本地攻击者可利用此漏洞以提升的权限运行任意命令。
0
Todd Miller Sudo 1.6.9 - 1.8.4p5
厂商补丁:
Todd Miller
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
Related
suse
suse
Security update for sudo (important)
2014-04-03 20:04:17
nessus
nessus
Oracle Linux 5 : sudo (ELSA-2014-0266)
2014-03-11 00:00:00
CentOS 5 : sudo (CESA-2014:0266)
2014-03-11 00:00:00
RHEL 5 : sudo (RHSA-2014:0266)
2014-03-11 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2014-064-01)
2022-04-21 00:00:00
RedHat Update for sudo RHSA-2014:0266-01
2014-03-12 00:00:00
CentOS Update for sudo CESA-2014:0266 centos5
2014-03-12 00:00:00
gentoo
gentoo
sudo: Privilege escalation
2014-06-27 00:00:00
oraclelinux
oraclelinux
sudo security update
2014-03-10 00:00:00
veracode
veracode
Authorization Bypass
2019-01-15 08:58:20
ubuntu
ubuntu
Sudo vulnerabilities
2014-03-13 00:00:00
redhat
redhat
(RHSA-2014:0266) Moderate: sudo security update
2014-03-10 00:00:00
ubuntucve
ubuntucve
CVE-2014-0106
2014-03-11 00:00:00
centos
centos
sudo security update
2014-03-10 16:34:59
securityvulns
securityvulns
sudo security vulnerabilities
2014-03-18 00:00:00
[USN-2146-1] Sudo vulnerabilities
2014-03-18 00:00:00
Apple Mac OS X / OS X Server multiple security vulnerabilities
2015-08-17 00:00:00
prion
prion
Command injection
2014-03-11 19:37:00
slackware
slackware
[slackware-security] sudo
2014-03-06 05:36:43
debiancve
debiancve
CVE-2014-0106
2014-03-11 19:37:00
cve
cve
CVE-2014-0106
2014-03-11 19:37:00
debian
debian
[SECURITY] [DLA 160-1] sudo security update
2015-02-27 20:08:38
osv
osv
sudo - security update
2015-02-27 00:00:00