Strix
26.1K

CVE-2014-0106

UnknownEPSS 0.34%

Last modified

CVE-2014-0106 is a vulnerability of currently unknown severity. Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.. EPSS estimates a 0.34% chance of exploitation in the next 30 days.

Description

Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.

Metrics

EPSS Probability
0.34%

25.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
AppleMac Os X<= 10.10.4
Todd MillerSudo1.6.9
Todd MillerSudo1.6.9p20
Todd MillerSudo1.6.9p21
Todd MillerSudo1.6.9p22
Todd MillerSudo1.6.9p23
Todd MillerSudo1.7.0
Todd MillerSudo1.7.1
Todd MillerSudo1.7.2
Todd MillerSudo1.7.2p1
Todd MillerSudo1.7.2p2
Todd MillerSudo1.7.2p3
Todd MillerSudo1.7.2p4
Todd MillerSudo1.7.2p5
Todd MillerSudo1.7.2p6
Todd MillerSudo1.7.2p7
Todd MillerSudo1.7.3b1
Todd MillerSudo1.7.4
Todd MillerSudo1.7.4p1
Todd MillerSudo1.7.4p2
Todd MillerSudo1.7.4p3
Todd MillerSudo1.7.4p4
Todd MillerSudo1.7.4p5
Todd MillerSudo1.7.4p6
Todd MillerSudo1.7.5
Todd MillerSudo1.7.6
Todd MillerSudo1.7.6p1
Todd MillerSudo1.7.6p2
Todd MillerSudo1.7.7
Todd MillerSudo1.7.8
Todd MillerSudo1.7.8p1
Todd MillerSudo1.7.8p2
Todd MillerSudo1.7.9
Todd MillerSudo1.7.9p1
Todd MillerSudo1.7.10
Todd MillerSudo1.7.10p1
Todd MillerSudo1.7.10p2
Todd MillerSudo1.7.10p3
Todd MillerSudo1.7.10p4
Todd MillerSudo1.7.10p5
Todd MillerSudo1.7.10p6
Todd MillerSudo1.7.10p7
Todd MillerSudo1.7.10p8
Todd MillerSudo1.7.10p9
Todd MillerSudo1.7.10p10
Todd MillerSudo1.8.0
Todd MillerSudo1.8.1
Todd MillerSudo1.8.1p1
Todd MillerSudo1.8.1p2
Todd MillerSudo1.8.2

Showing 50 of 59 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2014-0106?
Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.
How severe is CVE-2014-0106?
Severity scoring for CVE-2014-0106 is pending analysis. The EPSS model estimates a 0.34% probability of exploitation in the next 30 days.
How do I fix CVE-2014-0106?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2014-0106?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST