sudo
Page content
- Author: Miklos Vajna
- Vulnerable: 1.7.2-3
- Unaffected: 1.7.2-4locris1
A security issue has been reported in sudo, which can be exploited by malicious, local users to gain escalated privileges. The security issue is caused due to an error within the command matching functionality, which can be exploited to run a “sudoedit” executable within the current working directory. Successful exploitation may allow the execution of arbitrary code with escalated privileges, but requires that the attacker is allowed to use sudo’s “sudoedit” pseudo-command, that the PATH environment variable contains “.” while the directories do not contain any other “sudoedit” executable, and that the “ignore_dot” or “secure_path” options are disabled.
- Bug Tracker URL: http://bugs.frugalware.org/task/4188