CVE-2014-0106
published 2014-03-11CVE-2014-0106: Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users…
medium6.6CVSS 3.1
AVLACMAuSCCICAC
Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.
Affected
65 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | <= 10.10.4 | — |
| apple | os_x_yosemite_v10.10.5_and_security_update_2015-006 | — | — |
| debian | sudo | < sudo 1.8.5p2-1 (bookworm) | sudo 1.8.5p2-1 (bookworm) |
| sudo_project | sudo | >= 0 < 1.8.5p2-1 | 1.8.5p2-1 |
| sudo_project | sudo | >= 0 < 1.8.5p2-1 | 1.8.5p2-1 |
| sudo_project | sudo | >= 0 < 1.8.5p2-1 | 1.8.5p2-1 |
| sudo_project | sudo | >= 0 < 1.8.5p2-1 | 1.8.5p2-1 |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
| todd_miller | sudo | — | — |
CVSS provenance
nvd6.6MEDIUMAV:L/AC:M/Au:S/C:C/I:C/A:C
osv6.6MEDIUM