3.8 Low
AI Score
Confidence
High
6.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:S/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.3%
Sebastien Macke discovered that Sudo incorrectly filtered environment
variables when the env_reset option was disabled. A local attacker could
use this issue to possibly run unintended commands by using environment
variables that were intended to be blocked. In a default Ubuntu
installation, the env_reset option is enabled by default. This issue only
affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2014-0106)
It was discovered that the Sudo init script set a date in the past on
existing timestamp files instead of using epoch to invalidate them
completely. A local attacker could possibly modify the system time to
attempt to reuse timestamp files. This issue only applied to Ubuntu
12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10. (LP: #1223297)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 13.10 | noarch | sudo | < 1.8.6p3-0ubuntu3.1 | UNKNOWN |
Ubuntu | 13.10 | noarch | sudo-ldap | < 1.8.6p3-0ubuntu3.1 | UNKNOWN |
Ubuntu | 12.10 | noarch | sudo | < 1.8.5p2-1ubuntu1.2 | UNKNOWN |
Ubuntu | 12.10 | noarch | sudo-ldap | < 1.8.5p2-1ubuntu1.2 | UNKNOWN |
Ubuntu | 12.04 | noarch | sudo | < 1.8.3p1-1ubuntu3.6 | UNKNOWN |
Ubuntu | 12.04 | noarch | sudo-ldap | < 1.8.3p1-1ubuntu3.6 | UNKNOWN |
Ubuntu | 10.04 | noarch | sudo | < 1.7.2p1-1ubuntu5.7 | UNKNOWN |
Ubuntu | 10.04 | noarch | sudo-ldap | < 1.7.2p1-1ubuntu5.7 | UNKNOWN |