Improper input validation in Apple Mac_os_x

CVE-2014-0106

Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environ…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.001 (16.6th percentile) — read the EPSS interpretation.

Affected products

Apple Mac_os_x
Todd_miller Sudo — versions 1.6.9, 1.6.9p20, 1.6.9p21
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
SUSE-SU-2014:0475 (vendor-advisory, x_refsource_SUSE)
APPLE-SA-2015-08-13-2 (vendor-advisory, x_refsource_APPLE)
USN-2146-1 (x_refsource_UBUNTU, vendor-advisory)
RHSA-2014:0266 (x_refsource_REDHAT, vendor-advisory)
[oss-security] 20140305 sudo: security policy bypass when env_reset is disabled (mailing-list, x_refsource_MLIST)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
65997 (vdb-entry, x_refsource_BID)