CVE-2014-0106

EPSS 0.05%

sudo - security update

Published: 3/11/2014Modified: 4/28/2026

Description

Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.

Affected packages (2)

Debian/sudofrom 0, < 1.8.5p2-1
Debian/sudofrom 0, < 1.7.4p4-2.squeeze.5

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-0106