sudo: Arbitrary command execution — GLSA 200506-22

A vulnerability in sudo may allow local users to elevate privileges.

Affected Packages

app-admin/sudo on all architectures
Affected versions < 1.6.8_p9
Unaffected versions >= 1.6.8_p9

Background

sudo allows a system administrator to give users the ability to run commands as other users.

Description

The sudoers file is used to define the actions sudo users are permitted to perform. Charles Morris discovered that a specific layout of the sudoers file could cause the results of an internal check to be clobbered, leaving sudo vulnerable to a race condition.

Impact

Successful exploitation would permit a local sudo user to execute arbitrary commands as another user.

Workaround

Reorder the sudoers file using the visudo utility to ensure the 'ALL' pseudo-command precedes other command definitions.

Resolution

All sudo users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.6.8_p9"

References

Release Date
June 23, 2005

Latest Revision
June 23, 2005: 01

Severity
normal

Exploitable
local

Bugzilla entries