Linux sudo env_reset Privilege Escalation Exploit

A logical error in sudo when the env_reset option is disabled allows local attackers to define environment variables that were supposed to be blacklisted by sudo. This can be exploited by a local unprivileged attacker to gain root privileges by manipulating the environment of a command that the user is legitimately allowed to run with sudo.
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2014-0106
Product Version: 
2014_R1
Released Date: 
Monday, June 16, 2014 - 00:00