A vulnerability has been discovered in sudo which could result in root privilege escalation.
| Package | app-admin/sudo on all architectures |
| Affected versions | < 1.9.12_p2 |
| Unaffected versions | >= 1.9.12_p2 |
sudo allows a system administrator to give users the ability to run commands as other users.
The sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process.
Improper processing of the user's environment variables could allow arbitrary files to be edited as root, potentially leading to root privilege escalation.
There is no known workaround at this time.
All sudo users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.9.12_p2"
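To confirm a host is past the affected range after upgrading, the version comparison can be scripted; the following is an added example, not part of the advisory. The function names and the `FIXED` variable are this example's own, and it assumes `sudo -V` prints `Sudo version X` on its first line and that the version uses upstream or Gentoo numbering (`1.9.12p2` or `1.9.12_p2`, optionally with `-rN`).

```shell
#!/bin/sh
# Added example: compare a sudo version against the advisory's fixed version.
FIXED="1.9.12_p2"   # from the advisory; upstream writes it as 1.9.12p2

# Turn "1.9.12p2", "1.9.12_p2" or "1.9.12_p2-r1" into "1 9 12 2".
# A missing patch level counts as 0. Returns 1 for any other form.
normalise() {
    out=$(printf '%s\n' "$1" | sed -n -E \
        's/^([0-9]+)\.([0-9]+)\.([0-9]+)(_?p([0-9]+))?(-r[0-9]+)?$/\1 \2 \3 \5/p')
    [ -n "$out" ] || return 1
    case $out in *' ') out="${out}0" ;; esac
    printf '%s\n' "$out"
}

# Exit status: 0 = older than FIXED (affected), 1 = not affected, 2 = unparsable.
sudo_is_affected() {
    have=$(normalise "$1") || return 2
    want=$(normalise "$FIXED") || return 2
    set -- $have $want          # $1-$4 = given version, $5-$8 = fixed version
    [ "$1" -ne "$5" ] && { [ "$1" -lt "$5" ]; return; }
    [ "$2" -ne "$6" ] && { [ "$2" -lt "$6" ]; return; }
    [ "$3" -ne "$7" ] && { [ "$3" -lt "$7" ]; return; }
    [ "$4" -lt "$8" ]
}

# Print a verdict for one version string (never exits the shell).
report() {
    rc=0
    sudo_is_affected "$1" || rc=$?
    case $rc in
        0) echo "sudo $1: AFFECTED, upgrade to >= $FIXED" ;;
        1) echo "sudo $1: not affected" ;;
        *) echo "sudo $1: unrecognised version string, check manually" ;;
    esac
}

# Check the locally installed binary, if there is one.
if command -v sudo >/dev/null 2>&1; then
    report "$(sudo -V 2>/dev/null | sed -n '1s/^Sudo version //p')"
fi
```

On distributions that backport fixes without changing the upstream version number, compare the package version reported by the package manager instead.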
May 03, 2023
May 03, 2023: 1