Executive Summary
| Informations | |||
|---|---|---|---|
| Name | MDVSA-2015:126 | First vendor Publication | 2015-03-29 |
| Vendor | Mandriva | Last vendor Modification | 2015-03-29 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : | |||
|---|---|---|---|
| Cvss Base Score | Not Defined | Attack Range | Not Defined |
| Cvss Impact Score | Not Defined | Attack Complexity | Not Defined |
| Cvss Expoit Score | Not Defined | Authentication | Not Defined |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Updated sudo packages fix security vulnerability: Prior to sudo 1.8.12, the TZ environment variable was passed through unchecked. Most libc tzset() implementations support passing an absolute pathname in the time zone to point to an arbitrary, user-controlled file. This may be used to exploit bugs in the C library's TZ parser or open files the user would not otherwise have access to. Arbitrary file access via TZ could also be used in a denial of service attack by reading from a file or fifo that will block (CVE-2014-9680). The sudo package has been updated to version 1.8.12, fixing this issue and several other bugs. |
Original Source
| Url : http://www.mandriva.com/security/advisories?name=MDVSA-2015:126 |
Alert History
| Date | Informations |
|---|---|
| 2015-03-31 13:29:39 |
|
| 2015-03-29 13:25:49 |
|
