CVE-2014-0106

Common Vulnerabilities and Exposures

Upstream information

CVE-2014-0106 at MITRE

Description

Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.

NVD CVSS v2 Base Score: 6.6 (AV:L/AC:M/Au:S/C:C/I:C/A:C)

SUSE information

SUSE Bugzilla entry: 866503

SUSE Security Advisories:

List of released packages

| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Linux Enterprise Desktop 11 SP3, SUSE Linux Enterprise Server 11 SP3, SUSE Linux Enterprise Server 11 SP3 for VMware | sudo >= 1.7.6p2-0.21.1 | Builds, SAT Patch Nr: 9044 |
| openSUSE Evergreen 11.4 | sudo >= 1.7.6p2-0.23.1, sudo-debuginfo >= 1.7.6p2-0.23.1, sudo-debugsource >= 1.7.6p2-0.23.1 | Patchnames: 2014-55 |

© 2015 Novell