Описание
Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to re-authenticate themselves. Supporting this functionality is a set of session files (timestamps) for each user, stored in /var/run/sudo-rs/ts. These files are named according to the username from which the sudo attempt is made (the origin user).
An issue was discovered in versions prior to 0.2.1 where usernames containing the . and / characters could result in the corruption of specific files on the filesystem. As usernames are generally not limited by the characters they can contain, a username appearing to be a relative path can be constructed. For example we could add a user to the system containing the username ../../../../bin/cp. When logged in as a user with that name, that user could
Ссылки
- Patch
- Vendor Advisory
- Patch
- Vendor Advisory
Уязвимые конфигурации
EPSS
3.1 Low
CVSS3
8.1 High
CVSS3
Дефекты
Связанные уязвимости
Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to re-authenticate themselves. Supporting this functionality is a set of session files (timestamps) for each user, stored in `/var/run/sudo-rs/ts`. These files are named according to the username from which the sudo attempt is made (the origin user). An issue was discovered in versions prior to 0.2.1 where usernames containing the `.` and `/` characters could result in the corruption of specific files on the filesystem. As usernames are generally not limited by the characters they can contain, a username appearing to be a relative path can be constructed. For example we could add a user to the system containing the username `../../../../bin/cp`. When logged in as a user with that name, that user cou...
Sudo-rs, a memory safe implementation of sudo and su, allows users to ...
sudo-rs Session File Relative Path Traversal vulnerability
Уязвимость программ системного администрирования Sudo-rs, связанная с недостаточной проверкой введенных пользователем командных аргументов, позволяющая нарушителю повысить свои привилегии путём создания специально сформированного имени пользователя
EPSS
3.1 Low
CVSS3
8.1 High
CVSS3