Bug 12261 - sudo versions prior to 1.8.28 are affected.
Summary: sudo versions prior to 1.8.28 are affected.
Status: RESOLVED FIXED
Alias: None
Product: buildroot
Classification: Unclassified
Component: Other (show other bugs)
Version: unspecified
Hardware: All Linux
: P5 critical
Target Milestone: ---
Assignee: unassigned
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-10-16 02:35 UTC by Francis Hu
Modified: 2019-10-16 07:10 UTC (History)
1 user (show)

See Also:
Host:
Target:
Build:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Francis Hu 2019-10-16 02:35:22 UTC 
According to sudo.ws, sudo versions prior to 1.8.28 are affected due to potential bypass of Runas user restrictions.
Please refer to https://www.sudo.ws/alerts/minus_1_uid.html for the detailed.
Comment 1 Alexander Dahl 2019-10-16 06:23:39 UTC 
This was already fixed in buildroot master yesterday: https://git.buildroot.net/buildroot/commit/?id=4a96d627491dbf1ae622053068176ec27d3cdf60