This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

A local privileged attacker can set the TZ environment variable
before calling sudo, in order to force the opening of a file, or a
denial of service if this file is blocking.

Impacted products : Unix (platform)

Severity : 1/4

Creation date : 10/02/2015

DESCRIPTION OF THE VULNERABILITY

The sudo program allows some users to execute commands with
elevated privileges.

The sudo program filters environment variables which are
potentially dangerous. However, sudo transmits the TZ variable,
which can indicate the name of a Time Zone file. The target
application, linked to the glibc, thus opens this file to analyze
its timing information. It can be noted that the content of this
file is never returned to the user.

A local privileged attacker can therefore set the TZ environment
variable before calling sudo, in order to force the opening of a
file, or a denial of service if this file is blocking.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/sudo-file-reading-via-TZ-16137