FreeBSD: VID-7f7d6412-bae5-11e9-be92-3085a9a95629: doas -- Prevent passing of environment variables
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:S/C:N/I:C/A:N) | Aug 9, 2019 | Aug 10, 2019 | Dec 10, 2025 |
Description
Jesse Smith (upstream author of the doas program) reported: Previous versions of "doas" transferred most environment variables, such as USER, HOME, and PATH from the original user to the target user. Passing these variables could cause files in the wrong path or home directory to be read (or written to), which resulted in potential security problems. Many thanks to Sander Bos for reporting this issue and explaining how it can be exploited.
Solution
freebsd-upgrade-package-doas