CVE-2014-0106
- ULN >
- Oracle Linux CVE repository >
- CVE-2014-0106
CVE Details
| Release Date: | 2014-03-06 |
Description
Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.
See more information about CVE-2014-0106 from MITRE CVE dictionary and NIST NVD
CVSS v2.0 metrics
NOTE: The following CVSS v2.0 metrics and score provided are preliminary and subject to review.
| Base Score: | 6.6 | Base Metrics: | AV:L/AC:M/Au:S/C:C/I:C/A:C |
| Access Vector: | Local network | Attack Complexity: | Medium |
| Authentication: | Requires single instance | Confidentiality Impact: | Complete |
| Integrity Impact: | Complete | Availability Impact: | Complete |
Errata information
| Platform | Errata | Release Date |
| Oracle Linux version 5 (sudo) | ELSA-2014-0266 | 2014-03-10 |
| Oracle VM version 3.2 (sudo) | OVMSA-2016-0079 | 2016-06-20 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
