Veracode Vulnerability Database, VERACODE:24065
Apr 10, 2020 - 12:45 a.m.

Arbitrary Code Execution

2020-04-10 00:45:31
sca.analysiscenter.veracode.com
Tags: arbitrary code execution, sudo, environment variables, local user, secure path, software

EPSS: 0
Percentile: 10.1%

sudo is vulnerable to arbitrary code execution. The flaw is in the way sudo handled duplicated environment variables. A local user authorized to run commands using sudo could use this flaw to set additional values for the environment variables set by sudo, which could result in those values being used by the executed command instead of the values set by sudo. This could possibly lead to certain intended restrictions being bypassed, such as the secure_path setting.
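One way a privileged launcher can detect and collapse duplicated variable names before it executes a command, shown as an added example (this is not sudo's code or its actual fix). The function names, the keep-first policy and the sample environment are assumptions made here.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample environment: PATH appears twice. */
static const char *sample_env[] = {
    "PATH=/usr/sbin:/usr/bin", "HOME=/root",
    "PATH=/tmp/constructed", "LANG=C", NULL
};

/* Length of the name part of a "NAME=value" entry. */
static size_t env_name_len(const char *entry) {
    const char *eq = strchr(entry, '=');
    return eq ? (size_t)(eq - entry) : strlen(entry);
}

/* Nonzero if both entries carry exactly the same variable name. */
static int same_name(const char *a, const char *b) {
    size_t la = env_name_len(a), lb = env_name_len(b);
    return la == lb && strncmp(a, b, la) == 0;
}

/* Count entries whose name already appeared earlier in envp. */
size_t count_duplicate_env(const char *const envp[]) {
    size_t dups = 0;
    for (size_t i = 0; envp[i] != NULL; i++)
        for (size_t j = 0; j < i; j++)
            if (same_name(envp[i], envp[j])) { dups++; break; }
    return dups;
}

/* Compact envp in place so every name occurs once. Keeping the first
 * occurrence is this example's policy (an assumption). Returns new count. */
size_t dedupe_env(const char *envp[]) {
    size_t out = 0;
    for (size_t i = 0; envp[i] != NULL; i++) {
        int seen = 0;
        for (size_t j = 0; j < out; j++)
            if (same_name(envp[i], envp[j])) { seen = 1; break; }
        if (!seen) envp[out++] = envp[i];
    }
    envp[out] = NULL;
    return out;
}

int main(void) {
    printf("duplicated names: %zu\n", count_duplicate_env(sample_env));
    return 0;
}
```

Running the check before any policy variable such as PATH is set means the executed command sees a single value per name, whichever lookup order it uses.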
