Release date:
Updated on:
Affected Systems:
Todd Miller Sudo 1.6.9-1.8.4p5
Description:
--------------------------------------------------------------------------------
Bugtraq id: 65997
CVE (CAN) ID: CVE-2014-0106
Sudo is a tool that lets system administrators allow ordinary users to execute some or all commands as root, reducing root login and administration time and improving security.
When env_reset is enabled in sudo 1.6.9-1.8.4p5, some environment variables are not properly filtered, resulting in a local privilege escalation vulnerability. Local attackers can exploit this vulnerability to run arbitrary commands.
<* Source: Sebastien Macke
Link: https://bugzilla.redhat.com/show_bug.cgi?id=1071780
*>
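To triage hosts against the affected range listed above, the following added example (not part of the original advisory or of the sudo project) parses the version line printed by `sudo -V`, including sudo's `pN` patch-level suffix, and flags versions from 1.6.9 through 1.8.4p5. The host names and inventory are constructed sample data, and the function names are hypothetical.

```python
import re

# Affected range as listed on this page: Sudo 1.6.9 through 1.8.4p5 (inclusive).
AFFECTED_MIN = (1, 6, 9, 0)
AFFECTED_MAX = (1, 8, 4, 5)

# Sudo releases look like "1.8.4" or "1.8.4p5"; the optional pN is a patch level.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_sudo_version(text):
    """Extract (major, minor, patch, patchlevel) from `sudo -V` output."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError("no sudo version found in: %r" % text)
    return tuple(int(part or 0) for part in match.groups())


def in_affected_range(text):
    """True if the reported version falls inside the advisory's range."""
    return AFFECTED_MIN <= parse_sudo_version(text) <= AFFECTED_MAX


def affected_hosts(inventory):
    """Map of host -> `sudo -V` first line; returns sorted in-range hosts."""
    flagged = []
    for host, banner in inventory.items():
        try:
            if in_affected_range(banner):
                flagged.append(host)
        except ValueError:
            flagged.append(host + " (unparsed)")  # surface it, do not hide it
    return sorted(flagged)


# Constructed sample inventory (hypothetical host names, not real data).
SAMPLE_INVENTORY = {
    "build01": "Sudo version 1.8.4p5",
    "db02": "Sudo version 1.8.5",
    "legacy03": "Sudo version 1.6.8p12",
    "web04": "Sudo version 1.7.10p9",
    "edge05": "sudo: command not found",
}

if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print(host)
```

Distribution packages often backport fixes without changing the upstream version string, so treat a flagged host as a prompt to check the vendor's package changelog rather than as proof of exposure.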
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Todd Miller
-----------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.sudo.ws/sudo/dist/
http://www.sudo.ws/repos/sudo/rev/748cefb49422