CVE-2025-32463

Опубликовано: 30 июн. 2025

Источник: debian

Описание

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
sudo	fixed	1.9.16p2-3		package
sudo	not-affected		bookworm	package
sudo	not-affected		bullseye	package

Примечания

https://www.sudo.ws/security/advisories/chroot_bug/

Связанные уязвимости

CVE-2025-32463

CVSS3: 9.3

ubuntu

2 месяца назад

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

CVE-2025-32463

CVSS3: 7.8

redhat

2 месяца назад

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

CVE-2025-32463

CVSS3: 9.3

nvd

2 месяца назад

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

CVE-2025-32463

CVSS3: 7.8

msrc

около 2 месяцев назад

Описание отсутствует

GHSA-695j-c63m-mvxc

CVSS3: 9.3

github

2 месяца назад

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.