Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2014-9680

Опубликовано: 24 апр. 2017
Источник: debian
EPSS Низкий

Описание

sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
sudofixed1.8.12-1package
sudofixed1.8.10p3-1+deb8u2jessiepackage

Примечания

  • https://www.openwall.com/lists/oss-security/2014/10/15/24

  • http://www.sudo.ws/repos/sudo/rev/650ac6938b59 (1.8.x)

  • http://www.sudo.ws/repos/sudo/rev/ac1467f71ac0 (typos)

  • http://www.sudo.ws/repos/sudo/rev/91859f613b88 (description)

  • http://www.sudo.ws/repos/sudo/rev/579b02f0dbe0 (improved description)

  • https://www.openwall.com/lists/oss-security/2015/02/09/12

EPSS

Процентиль: 59%
0.00377
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2014-9680

CVSS3: 3.3
ubuntu
больше 8 лет назад

sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives.

redhat логотип

CVE-2014-9680

redhat
около 11 лет назад

sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives.

nvd логотип

CVE-2014-9680

CVSS3: 3.3
nvd
больше 8 лет назад

sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives.

suse-cvrf логотип

openSUSE-SU-2015:1849-1

suse-cvrf
около 10 лет назад

Security update for sudo

github логотип

GHSA-xgww-w8fw-rw7h

CVSS3: 3.3
github
больше 3 лет назад

sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives.

EPSS

Процентиль: 59%
0.00377
Низкий