Low severity3.3NVD Advisory· Published Apr 24, 2017· Updated Jun 17, 2026
CVE-2014-9680
CVE-2014-9680
Description
sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7cpe:2.3:a:sudo_project:sudo:*:p2:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:sudo_project:sudo:*:p2:*:*:*:*:*:*range: <=1.8.11
- (no CPE)range: <1.8.12
- osv-coords5 versionspkg:rpm/opensuse/sudo&distro=openSUSE%20Tumbleweedpkg:rpm/suse/sudo&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1pkg:rpm/suse/sudo&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1pkg:rpm/suse/sudo&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/sudo&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1
< 1.9.7p2-1.4+ 4 more
- (no CPE)range: < 1.9.7p2-1.4
- (no CPE)range: < 1.8.10p3-2.6.1
- (no CPE)range: < 1.8.10p3-2.6.1
- (no CPE)range: < 1.8.10p3-2.6.1
- (no CPE)range: < 1.8.10p3-2.6.1
Patches
Vulnerability mechanics
References
5- openwall.com/lists/oss-security/2014/10/15/24nvdExploitMailing ListThird Party Advisory
- www.sudo.ws/alerts/tz.htmlnvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2015-1409.htmlnvd
- www.securitytracker.com/id/1033158nvd
- security.gentoo.org/glsa/201504-02nvd
News mentions
0No linked articles in our index yet.