sudo: Privilege escalation — GLSA 200902-01

A vulnerability in sudo may allow for privilege escalation.

Affected packages

app-admin/sudo on all architectures
Affected versions < 1.7.0
Unaffected versions >= 1.7.0

Background

sudo allows a system administrator to give users the ability to run commands as other users.

Description

Harald Koenig discovered that sudo incorrectly handles group specifications in Runas_Alias (and related) entries when a group is specified in the list (using %group syntax, to allow a user to run commands as any member of that group) and the user is already a member of that group.
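An added example, not part of the advisory or of sudo itself: a Python audit that lists sudoers entries matching the pattern described above, a %group in a Runas list (directly or through a Runas_Alias), and marks whether the permitted user is a member of that group. The sample sudoers text, the group membership map and all function names are constructed for illustration.

```python
import re

# Constructed sample sudoers text and group membership (not from the advisory).
SAMPLE_SUDOERS = """\
Runas_Alias OPS = %operators, \\
                  backup
alice  ALL = (OPS) /usr/bin/rsync
bob    ALL = (%staff, www) /usr/bin/less
carol  ALL = (root) /sbin/reboot
dave   ALL = (%staff) /usr/bin/less
"""
SAMPLE_GROUPS = {"operators": {"alice"}, "staff": {"bob"}}

def logical_lines(text):
    """Yield (first_line_no, text) with backslash continuations joined."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        start = start or no
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        yield start, (buf + raw).strip()
        buf, start = "", 0

def split_list(items):
    """Split a comma-separated sudoers list, dropping any '!' negation."""
    return [i.strip().lstrip("!").strip() for i in items.split(",") if i.strip()]

def audit(text, membership):
    """Return (line_no, user, group, user_is_member) per %group in a Runas list."""
    lines = list(logical_lines(text))
    aliases = {}
    for _, line in lines:  # pass 1: collect Runas_Alias definitions
        m = re.match(r"Runas_Alias\s+(.*)", line)
        for part in (m.group(1).split(":") if m else []):
            name, _, members = part.partition("=")
            aliases[name.strip()] = split_list(members)
    findings = []
    for no, line in lines:  # pass 2: user specifications
        # Skip comments (but not "#uid" users), Defaults and alias definitions.
        if not line or re.match(r"#(?!\d)|Defaults|\w+_Alias\s", line):
            continue
        user = line.split()[0].rstrip(",")  # first user field only (simplification)
        for runas in re.findall(r"\(([^)]*)\)", line):
            for entry in split_list(runas):
                for item in aliases.get(entry, [entry]):  # expand one alias level
                    if item.startswith("%"):
                        member = user in membership.get(item[1:], ())
                        findings.append((no, user, item[1:], member))
    return findings
```

On a live system, pass in the contents of /etc/sudoers and a membership map built from the group database; files pulled in by #include are skipped and need to be scanned separately. Entries reported with the last field True are the ones to review first on hosts still running sudo < 1.7.0.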

Impact

A local attacker could possibly run commands as an arbitrary system user (including root).

Workaround

There is no known workaround at this time.

Resolution

All sudo users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.7.0"

References

Release date
February 06, 2009

Latest revision
February 06, 2009: 01

Severity
high

Exploitable
local

Bugzilla entries