Описание
sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 1.8.9p5-1ubuntu5 |
| esm-infra-legacy/trusty | released | 1.8.9p5-1ubuntu1.1 |
| lucid | released | 1.7.2p1-1ubuntu5.8 |
| precise | released | 1.8.3p1-1ubuntu3.7 |
| trusty | released | 1.8.9p5-1ubuntu1.1 |
| trusty/esm | released | 1.8.9p5-1ubuntu1.1 |
| upstream | released | 1.7.10p9, 1.8.12 |
| utopic | released | 1.8.9p5-1ubuntu2.1 |
Показывать по
EPSS
2.1 Low
CVSS2
3.3 Low
CVSS3
Связанные уязвимости
sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives.
sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives.
sudo before 1.8.12 does not ensure that the TZ environment variable is ...
sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives.
EPSS
2.1 Low
CVSS2
3.3 Low
CVSS3