sudo: Privilege escalation — GLSA 201203-06

Two vulnerabilities have been discovered in sudo, allowing local attackers to possibly gain escalated privileges.

Affected Packages

app-admin/sudo on all architectures
Affected versions < 1.8.3_p2
Unaffected versions >= 1.8.3_p2, revision >= 1.7.4_p5

Background

sudo allows a system administrator to give users the ability to run commands as other users.

Description

Two vulnerabilities have been discovered in sudo:

  • When the sudoers file is configured with a Runas group, sudo does not prompt for a password when changing to the new group (CVE-2011-0010).
  • A format string vulnerability exists in the "sudo_debug()" function (CVE-2012-0809).

Impact

A local attacker could possibly gain the ability to run arbitrary commands with the privileges of other users or groups, including root.

Workaround

There is no known workaround at this time.

Resolution

All sudo users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.8.3_p2"
 

References

Release Date
March 06, 2012

Latest Revision
March 06, 2012: 1

Severity
high

Exploitable
local

Bugzilla entries