Todd Miller: >> Sudo >> 1.7.10p6 Security Vulnerabilities
Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.
CVSS Score
6.6
EPSS Score
0.001
Published
2014-03-11
sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.
CVSS Score
6.9
EPSS Score
0.022
Published
2013-03-05