How the CVE Works
The vulnerability in `sudo-rs` (a Rust rewrite of sudo) allows users with restricted `sudo` permissions to enumerate the privileges of other users via the `-U` flag. Unlike the original sudo, `sudo-rs` fails to enforce proper access controls on this flag, permitting unauthorized privilege checks. For example, a user (bob) with `sudo` access limited to `/usr/bin/ps` can run `sudo -l -Uroot` and view root's full `sudo` permissions (ALL commands). This information leak aids attackers in crafting targeted privilege escalation attacks. The flaw affects `sudo-rs` versions 0.2.2 and 0.2.5.
DailyCVE Form
Platform: sudo-rs
Version: 0.2.2, 0.2.5
Vulnerability: Privilege enumeration
Severity: Medium
Date: 2024-XX-XX
What Undercode Say:
Exploitation:
1. Attacker gains limited `sudo` access (e.g., `/usr/bin/ps`).
2. Runs `sudo -l -U<user>` to list another user's privileges.
3. Uses leaked data to plan privilege escalation.
Mitigation:
1. Patch `sudo-rs` to enforce `-U` flag restrictions.
2. Revert to the original `sudo` until a fix is available.
3. Audit `/etc/sudoers` for excessive permissions.
Commands:
Check installed sudo-rs version:
    sudo-rs --version
Temporary workaround (switch to classic sudo):
    apt remove sudo-rs && apt install sudo
Verify sudoers integrity:
    visudo -c
Code (Rust Patch Suggestion):
    // Example fix for -U flag validation.
    // `is_admin` is assumed to be supplied by the surrounding code; a placeholder is shown
    // here so the sketch compiles.
    fn is_admin(user: &str) -> bool {
        user == "root" // placeholder: the real check consults the sudoers policy
    }

    fn validate_user_privileges(user: &str, requester: &str) -> bool {
        if requester != user && !is_admin(requester) {
            return false; // Block cross-user checks
        }
        true
    }
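As an added example, not code from sudo-rs or from the patch sketch above: a small Rust model of the `-U` authorisation rule, showing the unchecked lookup (the vulnerable shape) beside the checked one. `Policy`, `Grant`, `may_list` and the admin rule (root, or any user granted ALL) are assumptions made for the example.

```rust
use std::collections::HashMap;
/// A sudoers-style grant: what a user may run as root (assumed model, not sudo-rs types).
#[derive(Debug, Clone, PartialEq)]
pub enum Grant {
    All,                   // "ALL" in sudoers
    Commands(Vec<String>), // explicit command list
}
pub struct Policy {
    grants: HashMap<String, Grant>,
}
impl Policy {
    pub fn new(entries: &[(&str, Grant)]) -> Self {
        let grants = entries.iter().map(|(u, g)| (u.to_string(), g.clone())).collect();
        Policy { grants }
    }
    /// Assumed admin rule: root, or anyone granted ALL.
    fn is_admin(&self, user: &str) -> bool {
        user == "root" || matches!(self.grants.get(user), Some(Grant::All))
    }
    /// The missing check: only the target user or an admin may list a target's grants.
    pub fn may_list(&self, requester: &str, target: &str) -> bool {
        requester == target || self.is_admin(requester)
    }
    /// Vulnerable shape: `-U<target>` answered without looking at who is asking.
    pub fn list_unchecked(&self, target: &str) -> Option<Grant> {
        self.grants.get(target).cloned()
    }
    /// Fixed shape: refuse cross-user lookups from non-admins.
    pub fn list_checked(&self, requester: &str, target: &str) -> Result<Option<Grant>, String> {
        if !self.may_list(requester, target) {
            return Err(format!("{} may not list privileges of {}", requester, target));
        }
        Ok(self.list_unchecked(target))
    }
}
fn main() {
    // Constructed policy mirroring the post: bob may only run /usr/bin/ps.
    let policy = Policy::new(&[
        ("root", Grant::All),
        ("bob", Grant::Commands(vec!["/usr/bin/ps".to_string()])),
    ]);
    println!("{:?}", policy.list_unchecked("root"));      // leaks Some(All)
    println!("{:?}", policy.list_checked("bob", "root")); // Err(...)
}
```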
Analytics:
- Affected Systems: Ubuntu 24.04 (experimental `sudo-rs` deployments).
- Risk Score: 5.4 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
- Exploitability: Low (requires initial `sudo` access).
References:
- sudo-rs GitHub
- CVE-2024-36454 (Pending official assignment)
Sources:
Reported By: github.com