CVE-2014-0106

NONE EPSS 25.7%
Published Mar 11, 2014 (12y ago) · Modified Jun 17, 2026 (2w ago)

Description

Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.

Threat Intelligence

EPSS Exploit Probability
25.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-20 Improper Input Validation

Affected Products 59

Vendor       Product   Version     Range
apple        mac_os_x  *           ≤10.10.4
todd_miller  sudo      1.6.9       any
todd_miller  sudo      1.6.9p20    any
todd_miller  sudo      1.6.9p21    any
todd_miller  sudo      1.6.9p22    any
todd_miller  sudo      1.6.9p23    any
todd_miller  sudo      1.7.0       any
todd_miller  sudo      1.7.1       any
todd_miller  sudo      1.7.2       any
todd_miller  sudo      1.7.2p1     any
todd_miller  sudo      1.7.2p2     any
todd_miller  sudo      1.7.2p3     any
todd_miller  sudo      1.7.2p4     any
todd_miller  sudo      1.7.2p5     any
todd_miller  sudo      1.7.2p6     any
todd_miller  sudo      1.7.2p7     any
todd_miller  sudo      1.7.3b1     any
todd_miller  sudo      1.7.4       any
todd_miller  sudo      1.7.4p1     any
todd_miller  sudo      1.7.4p2     any
todd_miller  sudo      1.7.4p3     any
todd_miller  sudo      1.7.4p4     any
todd_miller  sudo      1.7.4p5     any
todd_miller  sudo      1.7.4p6     any
todd_miller  sudo      1.7.5       any
todd_miller  sudo      1.7.6       any
todd_miller  sudo      1.7.6p1     any
todd_miller  sudo      1.7.6p2     any
todd_miller  sudo      1.7.7       any
todd_miller  sudo      1.7.8       any
todd_miller  sudo      1.7.8p1     any
todd_miller  sudo      1.7.8p2     any
todd_miller  sudo      1.7.9       any
todd_miller  sudo      1.7.9p1     any
todd_miller  sudo      1.7.10      any
todd_miller  sudo      1.7.10p1    any
todd_miller  sudo      1.7.10p2    any
todd_miller  sudo      1.7.10p3    any
todd_miller  sudo      1.7.10p4    any
todd_miller  sudo      1.7.10p5    any
todd_miller  sudo      1.7.10p6    any
todd_miller  sudo      1.7.10p7    any
todd_miller  sudo      1.7.10p8    any
todd_miller  sudo      1.7.10p9    any
todd_miller  sudo      1.7.10p10   any
todd_miller  sudo      1.8.0       any
todd_miller  sudo      1.8.1       any
todd_miller  sudo      1.8.1p1     any
todd_miller  sudo      1.8.1p2     any
todd_miller  sudo      1.8.2       any
todd_miller  sudo      1.8.3       any
todd_miller  sudo      1.8.3p1     any
todd_miller  sudo      1.8.3p2     any
todd_miller  sudo      1.8.4       any
todd_miller  sudo      1.8.4p1     any
todd_miller  sudo      1.8.4p2     any
todd_miller  sudo      1.8.4p3     any
todd_miller  sudo      1.8.4p4     any
todd_miller  sudo      1.8.4p5     any

References 9

  • lists.apple.com http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00003.html
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2014-0266.html
  • openwall.com http://www.openwall.com/lists/oss-security/2014/03/06/2
  • oracle.com http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
  • securityfocus.com http://www.securityfocus.com/bid/65997
  • sudo.ws http://www.sudo.ws/sudo/alerts/env_add.html
    Patch, Vendor Advisory
  • ubuntu.com http://www.ubuntu.com/usn/USN-2146-1
  • support.apple.com https://support.apple.com/kb/HT205031
    Vendor Advisory

Remediation

  • sudo.ws http://www.sudo.ws/sudo/alerts/env_add.html
    Patch, Vendor Advisory