Contributed by grey on from the delegating power responsibly dept.
Due to a race condition in the command pathname handling of sudo(8), a user with sudo privileges may be able to run arbitrary commands if that user's sudoers(5) entry is followed by an entry that grants ALL privileges to another user. The upstream fix is in sudo 1.6.8p9.
The problem has been fixed in OpenBSD-current as well as the 3.6 and 3.7 -stable branches. Patches for OpenBSD 3.6 and 3.7 are also available:
3.6 fix: ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/018_sudo.patch
3.7 fix: ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/003_sudo.patch
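A quick way to find out whether a host that has not yet been patched is exposed is to look for the ordering the advisory names: a restricted user entry followed, later in the file, by an entry granting ALL to a different user. The script below is an added example, not code from OpenBSD or the sudo project; it assumes a simplified sudoers grammar (plain user names, no aliases or include directives) and runs against a constructed sample file embedded in the script.

```python
# Added example: audit a sudoers file for the entry ordering described in
# the advisory.  Not part of OpenBSD or sudo; it assumes the simplified
# grammar "user host = (runas) [TAG:] cmd, cmd, ..." with plain user names
# and no aliases or #include directives.
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

SKIP_PREFIXES = ("Defaults", "Cmnd_Alias", "User_Alias",
                 "Host_Alias", "Runas_Alias", "#include")


@dataclass
class Entry:
    """One user specification parsed from sudoers."""
    lineno: int
    user: str
    hosts: str
    runas: Optional[str]
    commands: List[str] = field(default_factory=list)

    def grants_all(self) -> bool:
        return "ALL" in self.commands


def _strip_tags(cmd: str) -> str:
    # Tags such as NOPASSWD: or SETENV: are upper-case words before a colon.
    while ":" in cmd and cmd.split(":", 1)[0].strip().isupper():
        cmd = cmd.split(":", 1)[1].strip()
    return cmd


def parse_sudoers(text: str) -> List[Entry]:
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(SKIP_PREFIXES):
            continue
        line = line.split("#", 1)[0].strip()   # drop trailing comment
        lhs, sep, rhs = line.partition("=")
        if not sep:
            continue
        parts = lhs.split()
        if len(parts) != 2:                    # expect "user host"
            continue
        user, hosts = parts
        rhs = rhs.strip()
        runas = None
        if rhs.startswith("(") and ")" in rhs:
            close = rhs.index(")")
            runas = rhs[1:close].strip()
            rhs = rhs[close + 1:].strip()
        commands = [_strip_tags(c.strip()) for c in rhs.split(",") if c.strip()]
        entries.append(Entry(lineno, user, hosts, runas, commands))
    return entries


def vulnerable_orderings(entries: List[Entry]) -> List[Tuple[int, str, int, str]]:
    """Return (restricted_line, restricted_user, all_line, all_user) for every
    restricted entry that is followed later in the file by an entry granting
    ALL to a different user, i.e. the ordering the advisory describes."""
    findings = []
    for i, e in enumerate(entries):
        if e.grants_all():
            continue
        for later in entries[i + 1:]:
            if later.grants_all() and later.user != e.user:
                findings.append((e.lineno, e.user, later.lineno, later.user))
    return findings


# Constructed sample; not a real sudoers file.
SAMPLE_SUDOERS = """\
# constructed sample, not a real sudoers file
Defaults    env_reset
alice   ALL = /usr/sbin/tcpdump
root    ALL = (ALL) ALL
bob     ALL = NOPASSWD: /sbin/reboot, /sbin/halt
carol   ALL = (ALL) ALL
dave    ALL = /usr/bin/less
"""


def audit(text: str = SAMPLE_SUDOERS) -> List[Tuple[int, str, int, str]]:
    return vulnerable_orderings(parse_sudoers(text))


if __name__ == "__main__":
    for rl, ru, al, au in audit():
        print(f"line {rl}: entry for {ru} is followed by an ALL entry "
              f"for {au} at line {al}")
```

Run it against a copy of /etc/sudoers (for example `audit(open("/etc/sudoers").read())`); each reported pair is an entry that the advisory's condition applies to until the patch is installed. Entries expressed through aliases, groups or include files are outside this parser's assumptions and need to be checked by hand.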