CVE-2014-0106

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2014-0106
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2014-03-11 19:37:00 UTC
Updated2017-12-16 02:29:00 UTC
DescriptionSudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.

Risk And Classification

Problem Types: CWE-20

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Operating System Apple Mac Os X All All All All
Application Todd Miller Sudo 1.6.9 All All All
Application Todd Miller Sudo 1.6.9p20 All All All
Application Todd Miller Sudo 1.6.9p21 All All All
Application Todd Miller Sudo 1.6.9p22 All All All
Application Todd Miller Sudo 1.6.9p23 All All All
Application Todd Miller Sudo 1.7.0 All All All
Application Todd Miller Sudo 1.7.1 All All All
Application Todd Miller Sudo 1.7.10 All All All
Application Todd Miller Sudo 1.7.10p1 All All All
Application Todd Miller Sudo 1.7.10p10 All All All
Application Todd Miller Sudo 1.7.10p2 All All All
Application Todd Miller Sudo 1.7.10p3 All All All
Application Todd Miller Sudo 1.7.10p4 All All All
Application Todd Miller Sudo 1.7.10p5 All All All
Application Todd Miller Sudo 1.7.10p6 All All All
Application Todd Miller Sudo 1.7.10p7 All All All
Application Todd Miller Sudo 1.7.10p8 All All All
Application Todd Miller Sudo 1.7.10p9 All All All
Application Todd Miller Sudo 1.7.2 All All All
Application Todd Miller Sudo 1.7.2p1 All All All
Application Todd Miller Sudo 1.7.2p2 All All All
Application Todd Miller Sudo 1.7.2p3 All All All
Application Todd Miller Sudo 1.7.2p4 All All All
Application Todd Miller Sudo 1.7.2p5 All All All
Application Todd Miller Sudo 1.7.2p6 All All All
Application Todd Miller Sudo 1.7.2p7 All All All
Application Todd Miller Sudo 1.7.3b1 All All All
Application Todd Miller Sudo 1.7.4 All All All
Application Todd Miller Sudo 1.7.4p1 All All All
Application Todd Miller Sudo 1.7.4p2 All All All
Application Todd Miller Sudo 1.7.4p3 All All All
Application Todd Miller Sudo 1.7.4p4 All All All
Application Todd Miller Sudo 1.7.4p5 All All All
Application Todd Miller Sudo 1.7.4p6 All All All
Application Todd Miller Sudo 1.7.5 All All All
Application Todd Miller Sudo 1.7.6 All All All
Application Todd Miller Sudo 1.7.6p1 All All All
Application Todd Miller Sudo 1.7.6p2 All All All
Application Todd Miller Sudo 1.7.7 All All All
Application Todd Miller Sudo 1.7.8 All All All
Application Todd Miller Sudo 1.7.8p1 All All All
Application Todd Miller Sudo 1.7.8p2 All All All
Application Todd Miller Sudo 1.7.9 All All All
Application Todd Miller Sudo 1.7.9p1 All All All
Application Todd Miller Sudo 1.8.0 All All All
Application Todd Miller Sudo 1.8.1 All All All
Application Todd Miller Sudo 1.8.1p1 All All All
Application Todd Miller Sudo 1.8.1p2 All All All
Application Todd Miller Sudo 1.8.2 All All All
Application Todd Miller Sudo 1.8.3 All All All
Application Todd Miller Sudo 1.8.3p1 All All All
Application Todd Miller Sudo 1.8.3p2 All All All
Application Todd Miller Sudo 1.8.4 All All All
Application Todd Miller Sudo 1.8.4p1 All All All
Application Todd Miller Sudo 1.8.4p2 All All All
Application Todd Miller Sudo 1.8.4p3 All All All
Application Todd Miller Sudo 1.8.4p4 All All All
Application Todd Miller Sudo 1.8.4p5 All All All
Application Todd Miller Sudo 1.6.9 All All All
Application Todd Miller Sudo 1.6.9p20 All All All
Application Todd Miller Sudo 1.6.9p21 All All All
Application Todd Miller Sudo 1.6.9p22 All All All
Application Todd Miller Sudo 1.6.9p23 All All All
Application Todd Miller Sudo 1.7.0 All All All
Application Todd Miller Sudo 1.7.1 All All All
Application Todd Miller Sudo 1.7.10 All All All
Application Todd Miller Sudo 1.7.10p1 All All All
Application Todd Miller Sudo 1.7.10p10 All All All
Application Todd Miller Sudo 1.7.10p2 All All All
Application Todd Miller Sudo 1.7.10p3 All All All
Application Todd Miller Sudo 1.7.10p4 All All All
Application Todd Miller Sudo 1.7.10p5 All All All
Application Todd Miller Sudo 1.7.10p6 All All All
Application Todd Miller Sudo 1.7.10p7 All All All
Application Todd Miller Sudo 1.7.10p8 All All All
Application Todd Miller Sudo 1.7.10p9 All All All
Application Todd Miller Sudo 1.7.2 All All All
Application Todd Miller Sudo 1.7.2p1 All All All
Application Todd Miller Sudo 1.7.2p2 All All All
Application Todd Miller Sudo 1.7.2p3 All All All
Application Todd Miller Sudo 1.7.2p4 All All All
Application Todd Miller Sudo 1.7.2p5 All All All
Application Todd Miller Sudo 1.7.2p6 All All All
Application Todd Miller Sudo 1.7.2p7 All All All
Application Todd Miller Sudo 1.7.3b1 All All All
Application Todd Miller Sudo 1.7.4 All All All
Application Todd Miller Sudo 1.7.4p1 All All All
Application Todd Miller Sudo 1.7.4p2 All All All
Application Todd Miller Sudo 1.7.4p3 All All All
Application Todd Miller Sudo 1.7.4p4 All All All
Application Todd Miller Sudo 1.7.4p5 All All All
Application Todd Miller Sudo 1.7.4p6 All All All
Application Todd Miller Sudo 1.7.5 All All All
Application Todd Miller Sudo 1.7.6 All All All
Application Todd Miller Sudo 1.7.6p1 All All All
Application Todd Miller Sudo 1.7.6p2 All All All
Application Todd Miller Sudo 1.7.7 All All All
Application Todd Miller Sudo 1.7.8 All All All
Application Todd Miller Sudo 1.7.8p1 All All All
Application Todd Miller Sudo 1.7.8p2 All All All
Application Todd Miller Sudo 1.7.9 All All All
Application Todd Miller Sudo 1.7.9p1 All All All
Application Todd Miller Sudo 1.8.0 All All All
Application Todd Miller Sudo 1.8.1 All All All
Application Todd Miller Sudo 1.8.1p1 All All All
Application Todd Miller Sudo 1.8.1p2 All All All
Application Todd Miller Sudo 1.8.2 All All All
Application Todd Miller Sudo 1.8.3 All All All
Application Todd Miller Sudo 1.8.3p1 All All All
Application Todd Miller Sudo 1.8.3p2 All All All
Application Todd Miller Sudo 1.8.4 All All All
Application Todd Miller Sudo 1.8.4p1 All All All
Application Todd Miller Sudo 1.8.4p2 All All All
Application Todd Miller Sudo 1.8.4p3 All All All
Application Todd Miller Sudo 1.8.4p4 All All All
Application Todd Miller Sudo 1.8.4p5 All All All

References

ReferenceSourceLinkTags
[security-announce] SUSE-SU-2014:0475-1: important: Security update for SUSE lists.opensuse.org
About the security content of OS X Yosemite v10.10.5 and Security Update 2015-006 - Apple Support CONFIRM support.apple.com Vendor Advisory
Todd Miller Sudo 'validate_env_vars()' Local Privilege Escalation Vulnerability BID www.securityfocus.com
oss-security - sudo: security policy bypass when env_reset is disabled MLIST www.openwall.com
Security policy bypass when env_reset is disabled CONFIRM www.sudo.ws Patch, Vendor Advisory
Oracle VM Server for x86 Bulletin - July 2016 CONFIRM www.oracle.com
Red Hat Customer Portal REDHAT rhn.redhat.com
APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006 APPLE lists.apple.com
USN-2146-1: Sudo vulnerabilities | Ubuntu UBUNTU www.ubuntu.com
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report