Описание
sudo-rs is a memory safe implementation of sudo and su written in Rust. With Defaults targetpw (or Defaults rootpw) enabled, the password of the target account (or root account) instead of the invoking user is used for authentication. sudo-rs starting in version 0.2.5 and prior to version 0.2.10 incorrectly recorded the invoking user’s UID instead of the authenticated-as user's UID in the authentication timestamp. Any later sudo invocation on the same terminal while the timestamp was still valid would use that timestamp, potentially bypassing new authentication even if the policy would have required it. A highly-privileged user (able to run commands as other users, or as root, through sudo) who knows one password of an account they are allowed to run commands as, would be able to run commands as any other account the policy permits them to run commands for, even if they don't know the password for those accounts. A common instance of this would be that a user can still use ...
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 0.2.10-1ubuntu1 |
| esm-apps/noble | not-affected | code not present |
| jammy | DNE | |
| noble | not-affected | code not present |
| plucky | not-affected | code not present |
| questing | released | 0.2.8-1ubuntu5.2 |
| upstream | released | 0.2.10-1 |
Показывать по
EPSS
4.4 Medium
CVSS3
Связанные уязвимости
sudo-rs is a memory safe implementation of sudo and su written in Rust. With `Defaults targetpw` (or `Defaults rootpw`) enabled, the password of the target account (or root account) instead of the invoking user is used for authentication. sudo-rs starting in version 0.2.5 and prior to version 0.2.10 incorrectly recorded the invoking user’s UID instead of the authenticated-as user's UID in the authentication timestamp. Any later `sudo` invocation on the same terminal while the timestamp was still valid would use that timestamp, potentially bypassing new authentication even if the policy would have required it. A highly-privileged user (able to run commands as other users, or as root, through sudo) who knows one password of an account they are allowed to run commands as, would be able to run commands as any other account the policy permits them to run commands for, even if they don't know the password for those accounts. A common instance of this would be that a user can still use the
sudo-rs is a memory safe implementation of sudo and su written in Rust ...
sudo-rs doesn't record authenticating user properly in timestamp
EPSS
4.4 Medium
CVSS3