CVE-2014-9680

sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives.
Configurations

Configuration 1 (hide)

cpe:2.3:a:sudo_project:sudo:*:p2:*:*:*:*:*:*

History

No history.

Information

Published : 2017-04-24 06:59

Updated : 2024-02-28 15:44


NVD link : CVE-2014-9680

Mitre link : CVE-2014-9680

CVE.ORG link : CVE-2014-9680


JSON object : View

Products Affected

sudo_project

  • sudo
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor