Sudo Vulnerability in Version Prior to 1.8.12 Allows Local File Access
CVE-2014-9680

3.3LOW

Key Information:

Vendor

Sudo Project

Status
Sudo
Vendor
CVE Published:
24 April 2017

What is CVE-2014-9680?

The sudo program, specifically versions before 1.8.12, has an improper input validation vulnerability that allows local users to gain unauthorized read access to arbitrary files. This exploitation occurs through manipulation of the TZ environment variable and can involve executing a program within a sudo session. This can be achieved by impacting terminal output and discarding kernel-log messages, leading to significant risks for system integrity and security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://security.gentoo.org/glsa/201504-02
vendor-advisoryx_refsource_GENTOO
http://www.securitytracker.com/id/1033158
vdb-entryx_refsource_SECTRACK
http://openwall.com/lists/oss-security/2014/10/15/24
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
3.3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.