CVE-2014-0106

EPSS 0.05%

sudo - security update

發布日:2014/3/11修改日:2026/4/28

也稱為:DEBIAN-CVE-2014-0106

描述

Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.

受影響套件(2)

Debian/sudofrom 0, < 1.8.5p2-1
Debian/sudofrom 0, < 1.7.4p4-2.squeeze.5

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-0106