CVE-2014-9680

sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives.

CVSS v3 3.3 LOW
CVSS v2.0 2.1 LOW

3.3^/10

CVSS v3 : LOW

Vector : AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://openwall.com/lists/oss-security/2014/10/15/24	Exploit Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1409.html
http://www.securitytracker.com/id/1033158
http://www.sudo.ws/alerts/tz.html	Vendor Advisory
https://security.gentoo.org/glsa/201504-02

Configurations

Configuration 1 (hide)

cpe:2.3:a:sudo_project:sudo:*:p2:*:*:*:*:*:*

History

No history.

Information

Published : 2017-04-24 06:59

Updated : 2024-02-28 15:44

NVD link : CVE-2014-9680

Mitre link : CVE-2014-9680

CVE.ORG link : CVE-2014-9680

JSON object : View

Products Affected

sudo_project

sudo

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2014-9680", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2017-04-24T06:59:00.353", "references": [{"url": "http://openwall.com/lists/oss-security/2014/10/15/24", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-1409.html", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id/1033158", "source": "cve@mitre.org"}, {"url": "http://www.sudo.ws/alerts/tz.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://security.gentoo.org/glsa/201504-02", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives."}, {"lang": "es", "value": "sudo en versiones anteriores a 1.8.12 no garantiza que la variable de entorno TZ est\u00e9 asociada con un archivo zoneinfo, lo que permite a usuarios locales abrir archivos arbitrarios para acceso de lectura (pero no ver el contenido del archivo) ejecutando un programa dentro de una sesi\u00f3n sudo, como lo demuestra interfiriendo con la salida del terminal, descartando los mensajes del kernel-log o reposicionando las unidades de cinta."}], "lastModified": "2018-01-05T02:29:57.617", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sudo_project:sudo:*:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29562C09-01B1-46F4-871F-B2C817DB256D", "versionEndIncluding": "1.8.11"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}