CVE-2014-0106

Common Vulnerabilities and Exposures

Upstream information

CVE-2014-0106 at MITRE

Description

Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.

NVD CVSS v2 Base Score: 6.6 (AV:L/AC:M/Au:S/C:C/I:C/A:C)

Novell/SUSE information

Novell Bugzilla entry: 866503

SUSE Security Advisories:

List of released packages

Product(s): SUSE Linux Enterprise Desktop 11 SP3, SUSE Linux Enterprise Server 11 SP3, SUSE Linux Enterprise Server 11 SP3 for VMware
Fixed package version(s): sudo >= 1.7.6p2-0.21.1
References: Builds, SAT Patch Nr: 9044

Product(s): SUSE Linux Enterprise Server 11 SP1
Fixed package version(s): sudo-debuginfo >= 1.7.6p2-0.2.14.1
References: Builds, SAT Patch Nr: 9054

© 2014 Novell