GLSA-201606-13 : sudo: Unauthorized privilege escalation in sudoedit
High Nessus Plugin ID 91844
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-201606-13 (sudo: Unauthorized privilege escalation in sudoedit).
sudoedit in sudo is vulnerable to privilege escalation by local users via a symlink attack. This can be exploited through a file whose full path is defined using multiple wildcards in “/etc/sudoers”, as demonstrated by “/home/*/*/file.txt”.
Local users are able to gain unauthorized privileges on the system.
There is no known workaround at this time.
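An added example, not part of the advisory or of sudo: a simplified audit that lists sudoedit entries in sudoers-style text whose paths contain wildcards and singles out those with two or more, as in the “/home/*/*/file.txt” pattern above. The sample content and the function names are constructed for illustration.

```python
import re

# Constructed sample sudoers content for illustration (not from a real host).
SAMPLE_SUDOERS = """\
Defaults env_reset
Cmnd_Alias EDITCONF = sudoedit /srv/*/conf/app.conf
alice ALL=(root) sudoedit /home/*/*/file.txt
bob   ALL=(root) sudoedit /etc/motd
%web  ALL=(root) NOPASSWD: sudoedit /var/www/*/*/site.conf, /usr/bin/less /var/log/*/*.log
"""

WILDCARD = re.compile(r"[*?\[]")  # sudoers glob metacharacters
# Leading runas spec such as (root) and tags such as NOPASSWD:
PREFIX = re.compile(r"^(\([^)]*\)\s*|[A-Z_]+:\s*)+")


def wildcard_sudoedit_paths(text):
    """Return (line_no, path, wildcard_count) for each sudoedit path with wildcards.

    Simplified parser: ignores line continuations, includes and escaped commas.
    """
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        commands = line.split("=", 1)[1]
        for cmd in commands.split(","):
            tokens = PREFIX.sub("", cmd.strip()).split()
            if not tokens or tokens[0] != "sudoedit":
                continue
            for path in tokens[1:]:
                count = len(WILDCARD.findall(path))
                if count:
                    findings.append((line_no, path, count))
    return findings


def multi_wildcard_paths(text):
    """Paths with two or more wildcards, the pattern the advisory calls out."""
    return [f for f in wildcard_sudoedit_paths(text) if f[2] >= 2]


if __name__ == "__main__":
    for line_no, path, count in wildcard_sudoedit_paths(SAMPLE_SUDOERS):
        level = "REVIEW" if count >= 2 else "note"
        print(f"{level}: line {line_no}: sudoedit {path} ({count} wildcard(s))")
```

To audit a host, pass the contents of “/etc/sudoers” and any included files to `wildcard_sudoedit_paths` instead of the sample string.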
Solution
All sudo users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-admin/sudo-1.8.15-r1'