A vulnerability in sudo may allow local users to elevate privileges.
Package | app-admin/sudo on all architectures |
---|---|
Affected versions | < 1.6.8_p9 |
Unaffected versions | >= 1.6.8_p9 |
sudo allows a system administrator to give users the ability to run commands as other users.
The sudoers file is used to define the actions sudo users are permitted to perform. Charles Morris discovered that a specific layout of the sudoers file could cause the results of an internal check to be clobbered, leaving sudo vulnerable to a race condition.
Successful exploitation would permit a local sudo user to execute arbitrary commands as another user.
Reorder the sudoers file using the visudo utility to ensure the 'ALL' pseudo-command precedes other command definitions.
All sudo users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.6.8_p9"
Release date
June 23, 2005
Latest revision
June 23, 2005: 01
Severity
normal
Exploitable
local
Bugzilla entries