Sudo versions up to 1.9.17p2 before commit 3e474c2
Summary
This vulnerability allows local privilege escalation on systems running affected versions of Sudo. Failures of the setuid, setgid, or setgroups calls used to drop privileges before the Sudo mailer runs are not treated as fatal errors, so the mailer can continue with privileges that should have been dropped. This allows a local attacker to gain unintended elevated privileges on the target system.
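The pattern behind this bug, and the check that prevents it, in an added C example that is not sudo's code: a flawed privilege drop that ignores the return values of setgroups, setgid and setuid sits beside a hardened one that treats every failure as fatal and verifies the resulting ids before anything else runs. The priv_ops table, the fake syscalls, the fail_step selector and the uid/gid 1000 target are assumptions made for this illustration so each failure case can be reproduced without root.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical syscall table (sudo has nothing like it) so the same logic can run
 * against the real kernel or against fakes that make one call misbehave. */
struct priv_ops {
    int   (*setgroups)(size_t n, const gid_t *groups);
    int   (*setgid)(gid_t gid);
    int   (*setuid)(uid_t uid);
    uid_t (*getuid)(void);
    uid_t (*geteuid)(void);
    gid_t (*getgid)(void);
    gid_t (*getegid)(void);
};
static int real_setgroups(size_t n, const gid_t *g) { return setgroups(n, g); }
static const struct priv_ops real_ops = {
    real_setgroups, setgid, setuid, getuid, geteuid, getgid, getegid
};

/* The flawed pattern: return values are ignored, so a partially failed drop still
 * reports success and whatever runs next keeps privilege it should have lost. */
static int drop_privileges_unchecked(const struct priv_ops *ops, uid_t uid, gid_t gid)
{
    ops->setgroups(1, &gid);
    ops->setgid(gid);
    ops->setuid(uid);
    return 0;
}

static int fail(char *err, size_t errlen, const char *call)
{
    snprintf(err, errlen, "%s: %s", call, strerror(errno));
    return -1;
}

/* Hardened pattern: groups, then gid, then uid (after setuid the other two can no
 * longer be changed); every failure is fatal; the outcome is verified rather than
 * assumed. Returns -1 with err filled in, and the caller must abort, not continue. */
static int drop_privileges(const struct priv_ops *ops, uid_t uid, gid_t gid,
                           char *err, size_t errlen)
{
    if (ops->setgroups(1, &gid) != 0) return fail(err, errlen, "setgroups");
    if (ops->setgid(gid) != 0)        return fail(err, errlen, "setgid");
    if (ops->setuid(uid) != 0)        return fail(err, errlen, "setuid");
    if (ops->getuid() != uid || ops->geteuid() != uid ||
        ops->getgid() != gid || ops->getegid() != gid) {
        snprintf(err, errlen, "ids not fully dropped (euid=%lu egid=%lu)",
                 (unsigned long)ops->geteuid(), (unsigned long)ops->getegid());
        return -1;
    }
    return 0;
}

/* Fakes: the process starts as root (uid/gid 0); fail_step selects the misbehaviour:
 * 1 setgroups fails, 2 setgid fails, 3 setuid fails, 4 setuid returns 0 but the
 * uid does not actually change (only the verification step catches this one). */
static int   fail_step;
static uid_t fake_uid;
static gid_t fake_gid;
static int fake_setgroups(size_t n, const gid_t *g)
{ (void)n; (void)g; if (fail_step == 1) { errno = EPERM; return -1; } return 0; }
static int fake_setgid(gid_t g)
{ if (fail_step == 2) { errno = EPERM; return -1; } fake_gid = g; return 0; }
static int fake_setuid(uid_t u)
{ if (fail_step == 3) { errno = EPERM; return -1; } if (fail_step != 4) fake_uid = u; return 0; }
static uid_t fake_getuid(void)  { return fake_uid; }
static uid_t fake_geteuid(void) { return fake_uid; }
static gid_t fake_getgid(void)  { return fake_gid; }
static gid_t fake_getegid(void) { return fake_gid; }
static const struct priv_ops fake_ops = {
    fake_setgroups, fake_setgid, fake_setuid,
    fake_getuid, fake_geteuid, fake_getgid, fake_getegid
};
static char last_err[128];

/* One scenario from fake root to uid/gid 1000: the hardened routine returns 0 or
 * -1 with last_err set; the flawed routine can only ever return 0, whatever happened. */
static int scenario(int step, int hardened)
{
    fail_step = step; fake_uid = 0; fake_gid = 0; last_err[0] = '\0';
    if (!hardened) return drop_privileges_unchecked(&fake_ops, 1000, 1000);
    return drop_privileges(&fake_ops, 1000, 1000, last_err, sizeof last_err);
}

int main(void)
{
    char err[128];
    for (int step = 0; step <= 4; step++) {
        int flawed = scenario(step, 0), rc = scenario(step, 1);
        printf("step %d: hardened=%d (%s) flawed=%d\n", step, rc, rc ? last_err : "ok", flawed);
    }
    /* Real kernel: as root this is a no-op drop that verifies cleanly; as an
     * ordinary user even setgroups() is refused with EPERM and is reported. */
    if (drop_privileges(&real_ops, getuid(), getgid(), err, sizeof err) != 0)
        printf("real kernel: %s\n", err);
    return 0;
}
```

Build with cc and run as an ordinary user: the five fake scenarios show the flawed routine reporting success in every case while the hardened one refuses on the first failed call, and the real-kernel call reports setgroups failing with EPERM, which is exactly the condition a checked drop must not continue past. The ordering also matters: once the uid has been dropped, a later setgid or setgroups can no longer succeed, so groups and gid go first.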
Remediation
Immediately update Sudo to a patched version that includes the fix from commit 3e474c2. If an update cannot be deployed right away, restrict local access to the system for untrusted users. Monitor system authentication logs for unusual privilege activity to detect potential exploitation.