1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200506-22 / sudo |
| Release Date | June 23, 2005 |
| Latest Revision | June 23, 2005: 01 |
| Impact | normal |
| Exploitable | local |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| app-admin/sudo | < 1.6.8_p9 | >= 1.6.8_p9 | All supported architectures |
Related bugreports: #96618
A vulnerability in sudo may allow local users to elevate privileges.
sudo allows a system administrator to give users the ability to run commands as other users.
The sudoers file is used to define the actions sudo users are permitted to perform. Charles Morris discovered that a specific layout of the sudoers file could cause the results of an internal check to be clobbered, leaving sudo vulnerable to a race condition.
Successful exploitation would permit a local sudo user to execute arbitrary commands as another user.
Reorder the sudoers file using the visudo utility to ensure the 'ALL' pseudo-command precedes other command definitions.
All sudo users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.6.8_p9" |