Todd Miller Sudo 'validate_env_vars()' Local Privilege Escalation Vulnerability

Bugtraq ID: 65997
Class: Design Error
CVE: CVE-2014-0106
Remote: No
Local: Yes
Published: Mar 06 2014 12:00AM
Updated: Nov 03 2015 07:02PM
Credit: Sebastien Macke
Vulnerable: Ubuntu Ubuntu Linux 13.10
Ubuntu Ubuntu Linux 12.10
Ubuntu Ubuntu Linux 12.04 LTS
Ubuntu Ubuntu Linux 10.04 LTS
Todd Miller Sudo 1.8.3
Todd Miller Sudo 1.8.2
Todd Miller Sudo 1.8.1
Todd Miller Sudo 1.8
Todd Miller Sudo 1.7.2 p7
Todd Miller Sudo 1.7.2 p6
Todd Miller Sudo 1.7.2 p5
Todd Miller Sudo 1.7.2 p4
Todd Miller Sudo 1.7.2 p3
Todd Miller Sudo 1.7.2 p1
Todd Miller Sudo 1.7
Todd Miller Sudo 1.6.9 p19
Todd Miller Sudo 1.6.9 p18
Todd Miller Sudo 1.6.9 p17
Todd Miller Sudo 1.8.4p5
Todd Miller Sudo 1.8.4P4
Todd Miller Sudo 1.8.4P3
Todd Miller Sudo 1.8.4P2
Todd Miller Sudo 1.8.4P1
Todd Miller Sudo 1.8.4
Todd Miller Sudo 1.8.3p2
Todd Miller Sudo 1.8.3p1
Todd Miller Sudo 1.8.1P2
Todd Miller Sudo 1.8.1P1
Todd Miller Sudo 1.7.9p1
Todd Miller Sudo 1.7.9
Todd Miller Sudo 1.7.8P2
Todd Miller Sudo 1.7.8P1
Todd Miller Sudo 1.7.8
Todd Miller Sudo 1.7.7
Todd Miller Sudo 1.7.6P2
Todd Miller Sudo 1.7.6P1
Todd Miller Sudo 1.7.6
Todd Miller Sudo 1.7.5
Todd Miller Sudo 1.7.4P6
Todd Miller Sudo 1.7.4P5
Todd Miller Sudo 1.7.4p4
Todd Miller Sudo 1.7.4p3
Todd Miller Sudo 1.7.4P2
Todd Miller Sudo 1.7.4P1
Todd Miller Sudo 1.7.4
Todd Miller Sudo 1.7.3B1
Todd Miller Sudo 1.7.2P7
Todd Miller Sudo 1.7.2p6
Todd Miller Sudo 1.7.2P5
Todd Miller Sudo 1.7.2P2
Todd Miller Sudo 1.7.2P1
Todd Miller Sudo 1.7.2
Todd Miller Sudo 1.7.10P9
Todd Miller Sudo 1.7.10P8
Todd Miller Sudo 1.7.10p7
Todd Miller Sudo 1.7.10p6
Todd Miller Sudo 1.7.10p5
Todd Miller Sudo 1.7.10P4
Todd Miller Sudo 1.7.10P3
Todd Miller Sudo 1.7.10P2
Todd Miller Sudo 1.7.10P10
Todd Miller Sudo 1.7.10P1
Todd Miller Sudo 1.7.10
Todd Miller Sudo 1.7.1
Todd Miller Sudo 1.6.9P23
Todd Miller Sudo 1.6.9P22
Todd Miller Sudo 1.6.9P21
Todd Miller Sudo 1.6.9P20
Todd Miller Sudo 1.6.9 p23
Todd Miller Sudo 1.6.9 p22
Todd Miller Sudo 1.6.9 p21
Todd Miller Sudo 1.6.9 p20
Todd Miller Sudo 1.6.9
Slackware Linux 13.37 x86_64
Slackware Linux 13.37
Slackware Linux 13.1 x86_64
Slackware Linux 13.1
Slackware Linux 13.0 x86_64
Slackware Linux 13.0
Redhat Enterprise Linux Desktop 5 client
Redhat Enterprise Linux 5 Server
Oracle Enterprise Linux 5
Gentoo Linux
CentOS CentOS 5
Avaya Proactive Contact 5.1
Avaya Proactive Contact 5.0
Avaya one-X Client Enablement Services 6.1.2
Avaya one-X Client Enablement Services 6.1.1
Avaya one-X Client Enablement Services 6.1
Avaya Meeting Exchange 6.2
Avaya Meeting Exchange 6.0
Avaya IQ 5.2
Avaya IQ 5.1.1
Avaya IQ 5.1
Avaya IP Office Application Server 8.1
Avaya IP Office Application Server 8.0
Avaya Communication Server 1000M Signaling Server 7.6
Avaya Communication Server 1000M Signaling Server 7.5
Avaya Communication Server 1000M Signaling Server 7.0
Avaya Communication Server 1000M 7.6
Avaya Communication Server 1000M 7.5
Avaya Communication Server 1000M 7.0
Avaya Communication Server 1000E Signaling Server 7.6
Avaya Communication Server 1000E Signaling Server 7.5
Avaya Communication Server 1000E Signaling Server 7.0
Avaya Communication Server 1000E 7.6
Avaya Communication Server 1000E 7.5
Avaya Communication Server 1000E 7.0
Avaya Aura System Platform 6.2.2
Avaya Aura System Platform 6.2.1
Avaya Aura System Platform 6.0.2
Avaya Aura System Platform 6.3
Avaya Aura System Platform 6.2.1.0.9
Avaya Aura System Platform 6.2
Avaya Aura System Platform 6.0.3.9.3
Avaya Aura System Platform 6.0.3.8.3
Avaya Aura System Platform 6.0.3.0.3
Avaya Aura System Platform 6.0
Avaya Aura System Platform 1.1
Avaya Aura System Platform 1.0
Avaya Aura System Manager 6.1.5
Avaya Aura System Manager 6.1.3
Avaya Aura System Manager 6.1.2
Avaya Aura System Manager 6.1.1
Avaya Aura System Manager 6.1
Avaya Aura System Manager 5.2
Avaya Aura Session Manager 6.2.1
Avaya Aura Session Manager 6.1.5
Avaya Aura Session Manager 6.1.3
Avaya Aura Session Manager 6.1.2
Avaya Aura Session Manager 6.1.1
Avaya Aura Session Manager 6.2.3
Avaya Aura Session Manager 6.2.2
Avaya Aura Session Manager 6.2
Avaya Aura Session Manager 6.1
Avaya Aura Session Manager 6.0.2
Avaya Aura Session Manager 5.2.4
Avaya Aura Session Manager 5.2.1
Avaya Aura Session Manager 5.2
Avaya Aura Session Manager 5.0
Avaya Aura Presence Services 6.1.2
Avaya Aura Presence Services 6.1.1
Avaya Aura Presence Services 6.2
Avaya Aura Presence Services 6.1
Avaya Aura Presence Services 6.0
Avaya Aura Messaging 6.1.1
Avaya Aura Messaging 6.2
Avaya Aura Messaging 6.1
+ Avaya Communication Manager Server DEFINITY Server SI/CS
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
Avaya Aura Messaging 6.0.1
+ Avaya Communication Manager Server DEFINITY Server SI/CS
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
Avaya Aura Messaging 6.0
Avaya Aura Conferencing 7.0
Avaya Aura Communication Manager Utility Services 6.3
Avaya Aura Communication Manager Utility Services 6.2.5.0.15
Avaya Aura Communication Manager Utility Services 6.2.4.0.15
Avaya Aura Communication Manager Utility Services 6.2
Avaya Aura Communication Manager Utility Services 6.1.0.9.8
Avaya Aura Communication Manager Utility Services 6.1
+ Avaya Communication Manager Server DEFINITY Server SI/CS
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
Avaya Aura Communication Manager Utility Services 6.0
Avaya Aura Application Server 5300 SIP Core 3.0 PB5
Avaya Aura Application Server 5300 SIP Core 3.0 PB3
Avaya Aura Application Server 5300 SIP Core 3.0
Avaya Aura Application Server 5300 SIP Core 2.1
Avaya Aura Application Server 5300 SIP Core 2.0
Avaya Aura Application Enablement Services 5.2.1
Avaya Aura Application Enablement Services 6.2
Avaya Aura Application Enablement Services 6.1.2
Avaya Aura Application Enablement Services 6.1.1
Avaya Aura Application Enablement Services 6.1
Avaya Aura Application Enablement Services 6.0
Avaya Aura Application Enablement Services 5.2.4
Avaya Aura Application Enablement Services 5.2.3
Avaya Aura Application Enablement Services 5.2.2
Avaya Aura Application Enablement Services 5.2
Avaya Aura Application Enablement Services 5.0
Apple Mac Os X 10.10.4
Apple Mac Os X 10.10.3
Apple Mac OS X 10.10.2
Apple Mac OS X 10.10.1
Apple Mac OS X 10.10
Not Vulnerable: Todd Miller Sudo 1.8.5
Apple Mac Os X 10.10.5


 

Privacy Statement
Copyright 2010, SecurityFocus