Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2014-0106
HistoryMar 11, 2014 - 12:00 a.m.

CVE-2014-0106

2014-03-1100:00:00
ubuntu.com
ubuntu.com
10

6.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:S/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly
check environment variables for the env_delete restriction, which allows
local users with sudo permissions to bypass intended command restrictions
via a crafted environment variable.

Notes

Author Note
jdstrand Ubuntu uses env_reset by default
mdeslaur low priority since this is only vulnerable in a non-default configuration, and not using env_reset is insecure anyway.
OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchsudo< 1.7.2p1-1ubuntu5.7UNKNOWN
ubuntu12.04noarchsudo< 1.8.3p1-1ubuntu3.6UNKNOWN

Related

suse 1
nessus 12
gentoo 1
openvas 12
veracode 1
ubuntu 1
prion 1
securityvulns 4
cve 1
slackware 1
debiancve 1
oraclelinux 1
redhat 1
seebug 1
centos 1
debian 1
osv 1
suse
suse
Security update for sudo (important)
2014-04-03 20:04:17
nessus
nessus
Oracle Linux 5 : sudo (ELSA-2014-0266)
2014-03-11 00:00:00
CentOS 5 : sudo (CESA-2014:0266)
2014-03-11 00:00:00
Scientific Linux Security Update : sudo on SL5.x i386/x86_64 (20140310)
2014-03-11 00:00:00
gentoo
gentoo
sudo: Privilege escalation
2014-06-27 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2014-064-01)
2022-04-21 00:00:00
RedHat Update for sudo RHSA-2014:0266-01
2014-03-12 00:00:00
SUSE: Security Advisory (SUSE-SU-2014:0475-1)
2021-06-09 00:00:00
veracode
veracode
Authorization Bypass
2019-01-15 08:58:20
ubuntu
ubuntu
Sudo vulnerabilities
2014-03-13 00:00:00
prion
prion
Command injection
2014-03-11 19:37:00
securityvulns
securityvulns
sudo security vulnerabilities
2014-03-18 00:00:00
[USN-2146-1] Sudo vulnerabilities
2014-03-18 00:00:00
APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006
2015-08-17 00:00:00
cve
cve
CVE-2014-0106
2014-03-11 19:37:00
slackware
slackware
[slackware-security] sudo
2014-03-06 05:36:43
debiancve
debiancve
CVE-2014-0106
2014-03-11 19:37:00
oraclelinux
oraclelinux
sudo security update
2014-03-10 00:00:00
redhat
redhat
(RHSA-2014:0266) Moderate: sudo security update
2014-03-10 00:00:00
seebug
seebug
Todd Miller Sudo 'validate_env_vars()'本地权限提升漏洞
2014-03-12 00:00:00
centos
centos
sudo security update
2014-03-10 16:34:59
debian
debian
[SECURITY] [DLA 160-1] sudo security update
2015-02-27 20:08:38
osv
osv
sudo - security update
2015-02-27 00:00:00

6.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:S/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON
Related for UB:CVE-2014-0106
suse1nessus12gentoo1openvas12veracode1ubuntu1prion1securityvulns4cve1slackware1debiancve1oraclelinux1redhat1seebug1centos1debian1osv1