GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Sun Oct 08, 2017 4:26 pm Post subject: [ GLSA 201710-04 ] sudo |
|
|
Gentoo Linux Security Advisory
Title: sudo: Privilege escalation (GLSA 201710-04)
Severity: high
Exploitable: local
Date: 2017-10-08
Bug(s): #620482
ID: 201710-04
Synopsis
A vulnerability in sudo allows local users to gain root privileges.
Background
sudo (su “do”) allows a system administrator to delegate authority
to give certain users (or groups of users) the ability to run some (or
all) commands as root or another user while providing an audit trail of
the commands and their arguments.
Affected Packages
Package: app-admin/sudo
Vulnerable: < 1.8.20_p2
Unaffected: >= 1.8.20_p2
Architectures: All supported architectures
Description
The fix present in app-admin/sudo-1.8.20_p1 (GLSA 201705-15) was
incomplete as it did not address the problem of a command with a newline
in the name.
Impact
A local attacker could execute arbitrary code with root privileges.
Workaround
There is no known workaround at this time.
Resolution
All sudo users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/sudo-1.8.20_p2"
|
References
CVE-2017-1000368
GLSA 201705-15 |
|