Security Advisory

CVE-2014-0106

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2014-03-11 15:00:00

Last updated 2024-08-06 09:05:38

Assigner redhat

State PUBLISHED

Description

Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.

← Browse all CVEs View on cve.org ↗