Todd Miller : Security Vulnerabilities, CVEs, Published In 2014
Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.
Max CVSS
6.6
EPSS Score
0.04%
Published
2014-03-11
Updated
2017-12-16
1 vulnerabilities found