VYPR
Low severity3.3NVD Advisory· Published Apr 24, 2017· Updated Jun 17, 2026

CVE-2014-9680

CVE-2014-9680

Description

sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

7

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.