Sudo sudoedit Local Command Privilege Escalation Vulnerability

Sudo contains a vulnerability that could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges.

This vulnerability exists due to an error in the affected software while matching commands due to incorrect path resolution. A local attacker with privileges to run the sudoedit command could exploit this vulnerability to execute arbitrary commands with root privileges. An exploit could result in a complete system compromise.

Proof-of-concept code that exploits this vulnerability is publicly available.

The vendor has confirmed this vulnerability and released updated software.

To exploit the vulnerability, an attacker must have local access to the system and be granted special permissions to execute the sudoedit command. As a result of these requirements, the source of exploits are likely limited to current users of an affected system. Successful exploitation could allow a local attacker to execute arbitrary shell commands as root, leading to a full system compromise.

For this vulnerability to be successful, the attacker passes a command that has the PATH environment variable including a “.” and not include any other directory that contains a sudoedit command. Also, a successful exploit requires the ignore_dot or secure_path sudoers options to be disabled.