CVE-2025-32462

Отчет

This vulnerability is classified as a Local Privilege Escalation (LPE), meaning an attacker needs an authenticated account before they could exploit it. Due to this restriction, the severity is rated Important. Additionally, for a system to be vulnerable, it must already be in a non-default configuration. The system’s sudoers file must contain rules that define that user’s privileges on a different system. There are multiple mechanisms a system administrator could use to distribute sudoers rules, such as LDAP, Ansible playbooks, or via inclusion in a “Golden Image,” and therefore may be affected by this vulnerability. In environments using LDAP to manage sudoers files, look for sudoRoles objects that use sudoHost values to manage different levels of user privliges across multiple systems. In situations where host A’s sudoers rules include permissions defined for another host B, a user on host A could use the privileges granted to them on host B while logged into host A. For example, a sudoers file on hostA and hostB might include the following rules:

If Bob logs into hostA and runs sudo some command, Sudo will check that Bob has permission to run some command on hostA. Since Bob does NOT have that privilege on hostA, Sudo will deny the requested command. However, the local Sudo rules on hostA can be bypassed if Bob logs into hostA and runs sudo -h hostB some command. In this case, Sudo will verify that Bob has permission to run some command on hostB. Since Bob does have that privilege, Sudo will run the requested command on hostA, where Bob is currently logged in.

Меры по смягчению последствий

For environments using sudoers files: Remove rules defined in sudoers files that are for any system other than the local system. For environments using LDAP: Use a narrow-scoped search path in the SSSD configuration so rules that don’t apply to a system are not included in the LDAP query results.