GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Wed Jun 17, 2015 8:26 pm Post subject: [ GLSA 201504-02 ] sudo |
|
|
Gentoo Linux Security Advisory
Title: sudo: Information disclosure (GLSA 201504-02)
Severity: normal
Exploitable: local
Date: April 11, 2015
Bug(s): #539532
ID: 201504-02
Synopsis
A vulnerability in sudo could allow a local attacker to read
arbitrary files or bypass security restrictions.
Background
sudo allows a system administrator to give users the ability to run
commands as other users. Access to commands may also be granted on a
range to hosts.
Affected Packages
Package: app-admin/sudo
Vulnerable: < 1.8.12
Unaffected: >= 1.8.12
Architectures: All supported architectures
Description
sudo does not handle the TZ environment variable properly.
Impact
A local attacker may be able to read arbitrary files or information from
device special files.
Workaround
There is no known workaround at this time.
Resolution
All sudo users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/sudo-1.8.12"
|
References
CVE-2014-9680 |
|