{"id":14410,"date":"2025-07-08T12:23:26","date_gmt":"2025-07-08T12:23:26","guid":{"rendered":"https:\/\/newestek.com\/?p=14410"},"modified":"2025-07-08T12:23:26","modified_gmt":"2025-07-08T12:23:26","slug":"how-a-12-year-old-bug-in-sudo-is-still-haunting-linux-users","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=14410","title":{"rendered":"How a 12-year-old bug in Sudo is still haunting Linux users"},"content":{"rendered":"<div>\n<div id=\"remove_no_follow\">\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<section class=\"wp-block-bigbite-multi-title\">\n<div class=\"container\"><\/div>\n<\/section>\n<p>Two new vulnerabilities have been found in Sudo, a privileged command-line tool installed on Linux systems, that can allow privilege escalation and unintended command execution on affected Ubuntu and Debian systems.<\/p>\n<p>According to Stratascale research, the command-line tool has two local privilege escalation vulnerabilities, affecting the Sudo \u201chost\u201d and Sudo \u201cChroot\u201d features. One of the vulnerabilities has remained unnoticed for over 12 years.<\/p>\n<p>\u201cPermissions control, specifically maintaining positive control of privilege escalation, is critical to security operations,\u201d said Trey Ford, chief information security officer at Bugcrowd. \u201cWhen Sudo needs patched, you put down your sandwich and get that prioritized ASAP.\u201d<\/p>\n<p>Despite similar impact, the vulnerabilities have received different severity ratings depending on the ease of exploitation. 
Ford thinks the scoring variance makes sense as there\u2019s a \u201cvery narrow configuration scenario,\u201d allowing for one low-rated exploit.<\/p>\n<h2 class=\"wp-block-heading\" id=\"the-chroot-option-hands-anyone-root-privileges\">The chroot option hands anyone root privileges<\/h2>\n<p>One of the vulnerabilities, tracked as CVE-2025-32463, allows any user \u2014 even those not listed in sudoers \u2014 to <a href=\"https:\/\/www.csoonline.com\/article\/562075\/6-points-you-need-to-know-to-keep-stack-clash-from-compromising-your-shared-linux-environment.html?utm=hybrid_search\">gain root privileges<\/a> by abusing the Chroot mechanism. The Chroot feature in Sudo was introduced in version 1.9.14 (released in August 2023) to help admins limit the runtime environment of a command by changing the root directory for the command to a specified path.<\/p>\n<p>By placing a crafted version of the system configuration file \u201c\/etc\/nsswitch.conf\u201d into a user-writable Chroot directory, an attacker can trick Sudo into loading a shared library there with malicious code in it.<\/p>\n<p>The vulnerability, with a critical CVSS rating of 9.3 out of 10, affects Sudo versions 1.9.14 through 1.9.17, and Stratascale researchers <a href=\"https:\/\/www.stratascale.com\/vulnerability-alert-CVE-2025-32463-sudo-chroot\" target=\"_blank\" rel=\"noreferrer noopener\">said<\/a> they verified the exploitation on Ubuntu 24.04.1 and Fedora 41 Server.<\/p>\n<p>\u201cCVE-2025-32463 involves a local privilege escalation vector that doesn\u2019t require the user to be in the sudoers file,\u201d said Marc England, security consultant at Black Duck. \u201cMy only question would be, when it comes to elements such as infrastructure, how many of them are using Ubuntu 24.04? 
A lot of the time, with Ubuntu 22.04 LTS having support through to 2027, it would be far more common in most environments as there isn\u2019t always a rush to update to a new OS since the current one is still stable and supported.\u201d<\/p>\n<p>England thinks many admins could be in the clear, as he believes most would be using Sudo version 1.9.9, which is not vulnerable, as it is the latest package supported on Ubuntu 22.04.<\/p>\n<h2 class=\"wp-block-heading\" id=\"sudo-is-trusting-the-wrong-host\">Sudo is trusting the wrong host<\/h2>\n<p>CVE-2025-32462, which remained unnoticed for over 12 years, requires a specific but common configuration: restricting Sudo rules to certain hostnames or hostname patterns.<\/p>\n<p>According to the researchers, the <a href=\"https:\/\/www.stratascale.com\/vulnerability-alert-CVE-2025-32462-sudo-host\" target=\"_blank\" rel=\"noreferrer noopener\">sudoers file uses<\/a> flexible syntax to suit any organization size, allowing a single configuration to work across Linux and UNIX systems by scoping rules to specific users, groups, and hosts.<\/p>\n<p>England agrees with the vulnerability\u2019s lower severity score, CVSS 2.8 out of 10. \u201cSuccessful execution would require someone to make a misconfiguration and deploy a sudoers file with an incorrect host for this vulnerability to work,\u201d he said. \u201cThe error has to happen elsewhere to meet these conditions.\u201d<\/p>\n<p>Stable Sudo versions 1.9.0 through 1.9.17 are affected, along with the legacy versions 1.8.8 through 1.8.32. The flaw was introduced with Sudo version 1.8.8, released in September 2013, and remained in all subsequent releases.<\/p>\n<p>Both flaws have been fixed in Sudo version 1.9.17p1. 
Sudo advisories addressing the issues credited Rich Mirch from Stratascale Cyber Research Unit (CRU) for the discoveries and have urged admins to quickly patch their installations.<\/p>\n<p>\u201cOrganizations should treat remediation of the issue as a priority despite the seemingly low vulnerability severity score and investigate their configurations for use of the vulnerable options and versions, doubly so due to the presence of the other vulnerability which does not have such configuration-based requirements for exploitation,\u201d said Ben Hutchison, associate principal consultant at Black Duck.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Two new vulnerabilities have been found in Sudo, a privileged command-line tool installed on Linux systems, that can allow privilege escalation and unintended command execution on affected Ubuntu and Debian systems. According to Stratascale research, the command-line tool has two local privilege escalation vulnerabilities, affecting the Sudo \u201chost\u201d and Sudo \u201cChroot\u201d features. One of the vulnerabilities has remained unnoticed for over 12 years. 
\u201cPermissions&#8230; <\/p>\n<p class=\"more\"><a class=\"more-link\" href=\"https:\/\/newestek.com\/?p=14410\">Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-14410","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14410","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=14410"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14410\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=14410"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=14410"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=14410"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}