CVE-2014-0106
sudo: certain environment variables not sanitized when env_reset is disabled
Public Exploits: 0
Exploited in Wild: -
Descriptions
Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.
Sebastien Macke discovered that Sudo incorrectly handled blacklisted environment variables when the env_reset option was disabled. A local attacker could use this issue to possibly run unintended commands by using blacklisted environment variables. In a default Ubuntu installation, the env_reset option is enabled by default. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. It was discovered that the Sudo init script set a date in the past on existing timestamp files instead of using epoch to invalidate them completely. A local attacker could possibly modify the system time to attempt to reuse timestamp files. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10. Various other issues were also addressed.
Timeline
- 2013-12-03 CVE Reserved
- 2014-03-06 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
CWE
- CWE-20: Improper Input Validation
References (11)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2014/03/06/2 | Mailing List | |
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html | X_refsource_confirm | |
http://www.securityfocus.com/bid/65997 | Vdb Entry | |

URL | Date | SRC |
---|---|---|
http://www.sudo.ws/sudo/alerts/env_add.html | 2017-12-16 | |
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html | 2017-12-16 | |
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00003.html | 2017-12-16 | |
http://rhn.redhat.com/errata/RHSA-2014-0266.html | 2017-12-16 | |
http://www.ubuntu.com/usn/USN-2146-1 | 2017-12-16 | |
https://support.apple.com/kb/HT205031 | 2017-12-16 | |
https://access.redhat.com/security/cve/CVE-2014-0106 | 2014-03-10 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1071780 | 2014-03-10 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Apple | Mac Os X | <= 10.10.4 | - | Affected |
Todd Miller | Sudo | 1.6.9 | - | Affected |
Todd Miller | Sudo | 1.6.9p20 | - | Affected |
Todd Miller | Sudo | 1.6.9p21 | - | Affected |
Todd Miller | Sudo | 1.6.9p22 | - | Affected |
Todd Miller | Sudo | 1.6.9p23 | - | Affected |
Todd Miller | Sudo | 1.7.0 | - | Affected |
Todd Miller | Sudo | 1.7.1 | - | Affected |
Todd Miller | Sudo | 1.7.2 | - | Affected |
Todd Miller | Sudo | 1.7.2p1 | - | Affected |
Todd Miller | Sudo | 1.7.2p2 | - | Affected |
Todd Miller | Sudo | 1.7.2p3 | - | Affected |
Todd Miller | Sudo | 1.7.2p4 | - | Affected |
Todd Miller | Sudo | 1.7.2p5 | - | Affected |
Todd Miller | Sudo | 1.7.2p6 | - | Affected |
Todd Miller | Sudo | 1.7.2p7 | - | Affected |
Todd Miller | Sudo | 1.7.3b1 | - | Affected |
Todd Miller | Sudo | 1.7.4 | - | Affected |
Todd Miller | Sudo | 1.7.4p1 | - | Affected |
Todd Miller | Sudo | 1.7.4p2 | - | Affected |
Todd Miller | Sudo | 1.7.4p3 | - | Affected |
Todd Miller | Sudo | 1.7.4p4 | - | Affected |
Todd Miller | Sudo | 1.7.4p5 | - | Affected |
Todd Miller | Sudo | 1.7.4p6 | - | Affected |
Todd Miller | Sudo | 1.7.5 | - | Affected |
Todd Miller | Sudo | 1.7.6 | - | Affected |
Todd Miller | Sudo | 1.7.6p1 | - | Affected |
Todd Miller | Sudo | 1.7.6p2 | - | Affected |
Todd Miller | Sudo | 1.7.7 | - | Affected |
Todd Miller | Sudo | 1.7.8 | - | Affected |
Todd Miller | Sudo | 1.7.8p1 | - | Affected |
Todd Miller | Sudo | 1.7.8p2 | - | Affected |
Todd Miller | Sudo | 1.7.9 | - | Affected |
Todd Miller | Sudo | 1.7.9p1 | - | Affected |
Todd Miller | Sudo | 1.7.10 | - | Affected |
Todd Miller | Sudo | 1.7.10p1 | - | Affected |
Todd Miller | Sudo | 1.7.10p2 | - | Affected |
Todd Miller | Sudo | 1.7.10p3 | - | Affected |
Todd Miller | Sudo | 1.7.10p4 | - | Affected |
Todd Miller | Sudo | 1.7.10p5 | - | Affected |
Todd Miller | Sudo | 1.7.10p6 | - | Affected |
Todd Miller | Sudo | 1.7.10p7 | - | Affected |
Todd Miller | Sudo | 1.7.10p8 | - | Affected |
Todd Miller | Sudo | 1.7.10p9 | - | Affected |
Todd Miller | Sudo | 1.7.10p10 | - | Affected |
Todd Miller | Sudo | 1.8.0 | - | Affected |
Todd Miller | Sudo | 1.8.1 | - | Affected |
Todd Miller | Sudo | 1.8.1p1 | - | Affected |
Todd Miller | Sudo | 1.8.1p2 | - | Affected |
Todd Miller | Sudo | 1.8.2 | - | Affected |
Todd Miller | Sudo | 1.8.3 | - | Affected |
Todd Miller | Sudo | 1.8.3p1 | - | Affected |
Todd Miller | Sudo | 1.8.3p2 | - | Affected |
Todd Miller | Sudo | 1.8.4 | - | Affected |
Todd Miller | Sudo | 1.8.4p1 | - | Affected |
Todd Miller | Sudo | 1.8.4p2 | - | Affected |
Todd Miller | Sudo | 1.8.4p3 | - | Affected |
Todd Miller | Sudo | 1.8.4p4 | - | Affected |
Todd Miller | Sudo | 1.8.4p5 | - | Affected |