sudo: Privilege escalation — GLSA 201003-01

Two vulnerabilities in sudo might allow local users to escalate privileges and execute arbitrary code with root privileges.

Affected packages

Package	app-admin/sudo on all architectures
Affected versions	< 1.7.2_p4
Unaffected versions	>= 1.7.2_p4

Background

sudo allows a system administrator to give users the ability to run commands as other users.

Description

Multiple vulnerabilities have been discovered in sudo:

Glenn Waller and neonsignal reported that sudo does not properly handle access control of the "sudoedit" pseudo-command (CVE-2010-0426).
Harald Koenig reported that sudo does not properly set supplementary groups when using the "runas_default" option (CVE-2010-0427).

Impact

A local attacker with privileges to use "sudoedit" or the privilege to execute commands with the "runas_default" setting enabled could leverage these vulnerabilities to execute arbitrary code with elevated privileges.

Workaround

CVE-2010-0426: Revoke all "sudoedit" privileges, or use the full path to sudoedit. CVE-2010-0427: Remove all occurrences of the "runas_default" setting.

Resolution

All sudo users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.7.2_p4"

References

Release date
March 03, 2010

Latest revision
March 03, 2010: 01

Severity
high

Exploitable
local

Bugzilla entries

306865