From ${URL} : An unauthorized privilege escalation was found in sudoedit when a user is granted with root access to modify a particular file that could be located in a subset of directories. It seems that sudoedit does not check the full path if a wildcard is used twice (e.g. /home/*/*/file.txt), allowing a malicious user to replace the file.txt real file with a symbolic link to a different location (e.g. /etc/shadow), which results into unauthorized access. Affected versions are <= 1.8.14. Reproducer can be found here: https://www.exploit-db.com/exploits/37710/ @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Arches please test and mark stable =app-admin/sudo-1.8.15 with target KEYWORDS: alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~sparc-solaris
amd64 stable
x86 stable
ppc stable
sparc stable
Stable for HPPA PPC64.
ia64 stable
arm stable
alpha stable. (last arch)
Arches, Thank you for your work. New GLSA Request filed. Maintainer(s), please drop the vulnerable version(s).
CVE released. @maintainers, please clean up the vulnerable versions
Thanks for the report. re: http://gitweb.gentoo.org/repo/gentoo.git/commit/?id=21f8d167c044a4a6846b97ce78c7e52ce7497936
This issue was resolved and addressed in GLSA 201606-13 at https://security.gentoo.org/glsa/201606-13 by GLSA coordinator Aaron Bauman (b-man).
