sudo: Privilege escalation — GLSA 201401-23

Multiple vulnerabilities have been found in sudo which could result in privilege escalation.

Affected packages

Background

sudo allows a system administrator to give users the ability to run commands as other users. Access to commands may also be granted on a range to hosts.

Description

Multiple vulnerabilities have been found in sudo:

• sudo does not correctly validate the controlling terminal on a system without /proc or when the tty_tickets option is enabled.
• sudo does not properly handle the clock when it is set to the epoch.

Impact

A local attacker with sudo privileges could connect to the stdin, stdout, and stderr of the terminal of a user who has authenticated with sudo, allowing the attacker to hijack the authorization of the other user. Additionally, a local or physically proximate attacker could set the system clock to the epoch, bypassing time restrictions on sudo authentication.

Workaround

There is no known workaround at this time.

Resolution

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.8.6_p7"
 

References

• CVE-2013-1775
• CVE-2013-1776
• CVE-2013-2776
• CVE-2013-2777

Release date
January 21, 2014

Latest revision
January 21, 2014: 1

Severity
high

Exploitable
local

Bugzilla entries

• 459722