Cyberveille, curated by Decio
2 results tagged sudo
Vulnerability Advisory: Sudo chroot Elevation of Privilege https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot
01/07/2025 09:35:56

The Sudo utility is a privileged command-line tool installed on Linux systems that allows a permitted user to execute a command as the superuser, or another user, as specified by the security policy. It is commonly used to implement the least privilege model by delegating administrative tasks that require elevated privileges without sharing the root password, while also creating an audit trail in the system log.

The Stratascale Cyber Research Unit (CRU) team discovered two local privilege vulnerabilities in Sudo. These vulnerabilities can result in the escalation of privileges to root on the impacted system.

The research focused on infrequently used command-line options. This blog explores how the Sudo chroot option can be leveraged by any local user to elevate privileges to root, even if no Sudo rules are defined for that user.

The default Sudo configuration is vulnerable. Although the vulnerability involves the Sudo chroot feature, it does not require any Sudo rules to be defined for the user. As a result, any local unprivileged user could potentially escalate privileges to root if a vulnerable version is installed. The following versions are known to be vulnerable. Note: Not all versions within the range have been tested.

Stable 1.9.14 - 1.9.17
Note: The legacy versions of Sudo (currently <= 1.8.32) are not vulnerable because the chroot feature does not exist.

Exploitation has been verified on:

Ubuntu 24.04.1; Sudo 1.9.15p5, Sudo 1.9.16p2
Fedora 41 Server; Sudo 1.9.15p5

stratascale EN 2025 sudo vulnerability chroot CVE-2025-32463
Sudoedit can edit arbitrary files https://www.sudo.ws/security/advisories/sudoedit_any/
07/03/2023 10:23:35

A flaw exists in sudo’s -e option (aka sudoedit) that allows a malicious user with sudoedit privileges to edit arbitrary files.
Sudo versions affected: Sudo versions 1.8.0 through 1.9.12p1 inclusive are affected. Versions of sudo prior to 1.8.0 construct the argument vector differently and are not affected.
CVE ID: This vulnerability has been assigned CVE-2023-22809 in the Common Vulnerabilities and Exposures database.
Details: When invoked as sudo -e or sudoedit, sudo can be used to edit privileged files while running the editor as an unprivileged user.

sudo EN 2023 Sudoedit arbitrary CVE-2023-22809