Joined: 12 May 2004
|Posted: Sun Oct 08, 2017 4:26 pm Post subject: [ GLSA 201710-04 ] sudo
|Gentoo Linux Security Advisory
Title: sudo: Privilege escalation (GLSA 201710-04)
A vulnerability in sudo allows local users to gain root privileges.
sudo (su “do”) allows a system administrator to delegate authority
to give certain users (or groups of users) the ability to run some (or
all) commands as root or another user while providing an audit trail of
the commands and their arguments.
Vulnerable: < 1.8.20_p2
Unaffected: >= 1.8.20_p2
Architectures: All supported architectures
The fix present in app-admin/sudo-1.8.20_p1 (GLSA 201705-15) was
incomplete as it did not address the problem of a command with a newline
in the name.
A local attacker could execute arbitrary code with root privileges.
There is no known workaround at this time.
All sudo users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/sudo-1.8.20_p2"