Описание
Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| lucid | released | 1.7.2p1-1ubuntu5.7 |
| precise | released | 1.8.3p1-1ubuntu3.6 |
| quantal | not-affected | 1.8.5p2-1ubuntu1.1 |
| saucy | not-affected | |
| upstream | released | 1.8.5 |
Показывать по
EPSS
6.6 Medium
CVSS2
Связанные уязвимости
Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.
Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.
Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly ...
Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.
EPSS
6.6 Medium
CVSS2