CVE-2014-9680

sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:sudo_project:sudo:*:p2:*:*:*:*:*:*

Information

Published : 2017-04-23 23:59

Updated : 2018-01-04 18:29


NVD link : CVE-2014-9680

Mitre link : CVE-2014-9680


JSON object : View

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

dedicated server usa

Products Affected

sudo_project

  • sudo