GLSA-201710-04 : sudo: Privilege escalation
Severity: High
Nessus Plugin ID 103722
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-201710-04 (sudo: Privilege escalation).
The fix present in app-admin/sudo-1.8.20_p1 (GLSA 201705-15) was incomplete as it did not address the problem of a command with a newline in the name.
A local attacker could execute arbitrary code with root privileges.
There is no known workaround at this time.
Solution
All sudo users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-admin/sudo-1.8.20_p2'