GLSA-201406-30 : sudo: Privilege escalation
Medium Nessus Plugin ID 76287
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-201406-30 (sudo: Privilege escalation)
When the Sudo env_reset option is disabled (it is enabled by default), certain environment variables are not blacklisted as expected.
A local attacker, authorized to run commands using sudo, can use this flaw to execute arbitrary code or escalate his privileges.
There is no known workaround at this time.
Solution
All sudo users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-admin/sudo-1.8.5'