A vulnerability has been discovered in sudo which could result in root privilege escalation.
Package | app-admin/sudo on all architectures |
---|---|
Affected versions | < 1.9.12_p2 |
Unaffected versions | >= 1.9.12_p2 |
sudo allows a system administrator to give users the ability to run commands as other users.
The sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process.
Improper processing of the user's environment variables could allow arbitrary files to be edited as root, potentially leading to root privilege escalation.
There is no known workaround at this time.
All sudo users should upgrade to the latest version:
```
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/sudo-1.9.12_p2"
```
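To confirm which hosts still run an affected sudo before and after the upgrade, the following added example (not part of the advisory or of sudo itself) compares a version string against the first unaffected version from the table above. The function names are illustrative and the `sudo -V` sample output is constructed.

```sh
#!/bin/sh
# Added example (not part of the advisory): classify a sudo version string
# against the first unaffected version listed in the advisory table.
FIXED="1.9.12_p2"

# Normalise upstream ("1.9.12p2") and Gentoo ("1.9.12_p2", "1.9.12_p2-r1")
# spellings to four integers "major minor micro patch"; fail on anything else.
split_version() {
    printf '%s\n' "$1" | awk '{
        v = $0
        sub(/-r[0-9]+$/, "", v)            # drop Gentoo ebuild revision
        sub(/_p/, "p", v)                  # Gentoo _pN to upstream pN
        if (v !~ /^[0-9]+\.[0-9]+(\.[0-9]+)?(p[0-9]+)?$/) exit 1
        p = 0
        if (match(v, /p[0-9]+$/)) { p = substr(v, RSTART + 1); v = substr(v, 1, RSTART - 1) }
        n = split(v, a, ".")
        printf "%d %d %d %d\n", a[1], a[2], (n > 2 ? a[3] : 0), p
    }'
}

# Exit status: 0 = affected (< FIXED), 1 = not affected, 2 = unparseable.
sudo_version_affected() {
    have=$(split_version "$1") || return 2
    want=$(split_version "$FIXED")
    set -- $have $want                     # $1-$4 installed, $5-$8 fixed
    for pair in "$1:$5" "$2:$6" "$3:$7" "$4:$8"; do
        h=${pair%:*}; w=${pair#*:}
        if [ "$h" -lt "$w" ]; then return 0; fi
        if [ "$h" -gt "$w" ]; then return 1; fi
    done
    return 1                               # equal to FIXED
}

# Pull the version out of `sudo -V` output read from stdin.
version_from_sudo_V() {
    sed -n 's/^Sudo version \([^ ]*\).*$/\1/p' | head -n 1
}

# Constructed sample: first lines of `sudo -V` output from a hypothetical host.
SAMPLE='Sudo version 1.9.12p1
Sudoers policy plugin version 1.9.12p1'

v=$(printf '%s\n' "$SAMPLE" | version_from_sudo_V)
if sudo_version_affected "$v"; then
    echo "sudo $v: affected, upgrade to >= $FIXED"
else
    echo "sudo $v: not affected or not parseable"
fi
```

On a live host, replace the sample with `sudo -V | version_from_sudo_V`; exit status 2 separates an unparseable version from a clean result.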

Release date | May 03, 2023 |
---|---|
Latest revision | May 03, 2023: 1 |
Severity | high |
Exploitable | remote |

Bugzilla entries