Description
A flaw was found in Sudo. This flaw allows a local attacker to escalate their privileges by tricking Sudo into loading an arbitrary shared library using the user-specified root directory via the -R (--chroot) option. An attacker can run arbitrary commands as root on systems that support /etc/nsswitch.conf.
Statement
The severity of this vulnerability is rated as Important due to the requirement that an attacker must have access to a valid account on a system and that it allows a local unprivileged attacker to escalate their privileges even if the account is not listed in the sudoers file. Due to the limited range of vulnerable versions, this vulnerability does not affect RHEL-9 or any earlier versions of RHEL. Due to this, OpenShift is also not affected by this vulnerability.
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 10 | sudo | Affected | | |
Red Hat Enterprise Linux 6 | sudo | Not affected | | |
Red Hat Enterprise Linux 7 | sudo | Not affected | | |
Red Hat Enterprise Linux 8 | sudo | Not affected | | |
Red Hat Enterprise Linux 9 | sudo | Not affected | | |
Red Hat OpenShift Container Platform 4 | rhcos | Not affected | | |
Additional information
Status:
EPSS
CVSS3: 7.8 High
Related vulnerabilities
An attacker can leverage sudo's `-R` (`--chroot`) option to run arbitrary commands as root, even if they are not listed in the sudoers file. Sudo versions 1.9.14 to 1.9.17 inclusive are affected.
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
Sudo before 1.9.17p1 allows local users to obtain root access because ...