CVE-2014-0106

EPSS 0.07%
Published 11.03.2014 19:37:03
Last modified 12.04.2025 10:46:40
Source secalert@redhat.com
Teams watchlist Login
Open Login

Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.

Affected products Warnungen 0 Metrics 2 CWE 1 References 12

Data is provided by the National Vulnerability Database (NVD)

Apple ≫ macOS X Version <= 10.10.4

Todd Miller ≫ Sudo Version1.6.9

Todd Miller ≫ Sudo Version1.6.9p20

Todd Miller ≫ Sudo Version1.6.9p21

Todd Miller ≫ Sudo Version1.6.9p22

Todd Miller ≫ Sudo Version1.6.9p23

Todd Miller ≫ Sudo Version1.7.0

Todd Miller ≫ Sudo Version1.7.1

Todd Miller ≫ Sudo Version1.7.2

Todd Miller ≫ Sudo Version1.7.2p1

Todd Miller ≫ Sudo Version1.7.2p2

Todd Miller ≫ Sudo Version1.7.2p3

Todd Miller ≫ Sudo Version1.7.2p4

Todd Miller ≫ Sudo Version1.7.2p5

Todd Miller ≫ Sudo Version1.7.2p6

Todd Miller ≫ Sudo Version1.7.2p7

Todd Miller ≫ Sudo Version1.7.3b1

Todd Miller ≫ Sudo Version1.7.4

Todd Miller ≫ Sudo Version1.7.4p1

Todd Miller ≫ Sudo Version1.7.4p2

Todd Miller ≫ Sudo Version1.7.4p3

Todd Miller ≫ Sudo Version1.7.4p4

Todd Miller ≫ Sudo Version1.7.4p5

Todd Miller ≫ Sudo Version1.7.4p6

Todd Miller ≫ Sudo Version1.7.5

Todd Miller ≫ Sudo Version1.7.6

Todd Miller ≫ Sudo Version1.7.6p1

Todd Miller ≫ Sudo Version1.7.6p2

Todd Miller ≫ Sudo Version1.7.7

Todd Miller ≫ Sudo Version1.7.8

Todd Miller ≫ Sudo Version1.7.8p1

Todd Miller ≫ Sudo Version1.7.8p2

Todd Miller ≫ Sudo Version1.7.9

Todd Miller ≫ Sudo Version1.7.9p1

Todd Miller ≫ Sudo Version1.7.10

Todd Miller ≫ Sudo Version1.7.10p1

Todd Miller ≫ Sudo Version1.7.10p2

Todd Miller ≫ Sudo Version1.7.10p3

Todd Miller ≫ Sudo Version1.7.10p4

Todd Miller ≫ Sudo Version1.7.10p5

Todd Miller ≫ Sudo Version1.7.10p6

Todd Miller ≫ Sudo Version1.7.10p7

Todd Miller ≫ Sudo Version1.7.10p8

Todd Miller ≫ Sudo Version1.7.10p9

Todd Miller ≫ Sudo Version1.7.10p10

Todd Miller ≫ Sudo Version1.8.0

Todd Miller ≫ Sudo Version1.8.1

Todd Miller ≫ Sudo Version1.8.1p1

Todd Miller ≫ Sudo Version1.8.1p2

Todd Miller ≫ Sudo Version1.8.2

Todd Miller ≫ Sudo Version1.8.3

Todd Miller ≫ Sudo Version1.8.3p1

Todd Miller ≫ Sudo Version1.8.3p2

Todd Miller ≫ Sudo Version1.8.4

Todd Miller ≫ Sudo Version1.8.4p1

Todd Miller ≫ Sudo Version1.8.4p2

Todd Miller ≫ Sudo Version1.8.4p3

Todd Miller ≫ Sudo Version1.8.4p4

Todd Miller ≫ Sudo Version1.8.4p5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.211

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.6	2.7	10	AV:L/AC:M/Au:S/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

https://support.apple.com/kb/HT205031

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00003.html

http://rhn.redhat.com/errata/RHSA-2014-0266.html

http://www.openwall.com/lists/oss-security/2014/03/06/2

http://www.securityfocus.com/bid/65997

http://www.sudo.ws/sudo/alerts/env_add.html

Patch

Vendor Advisory

http://www.ubuntu.com/usn/USN-2146-1

https://nvd.nist.gov/vuln/detail/CVE-2014-0106

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-0106

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-0106

EUVD