Todd Miller · Sudo · CVE-2011-0010
**Name of the Vulnerable Software and Affected Versions**
sudo versions prior to 1.8.3p2
sudo versions 1.7.x before 1.7.4p5
**Description**
The issue affects the sudo package in Gentoo Linux, potentially compromising the confidentiality, integrity, and availability of protected information. It is exploitable locally. Specifically, in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, `check.c` does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass the intended authentication by passing the `-g` option to a sudo command.
**Recommendations**
For versions prior to 1.8.3p2, update to version 1.8.3p2 or later.
For versions 1.7.x before 1.7.4p5, update to version 1.7.4p5 or later.
As a temporary workaround, consider restricting the use of the `-g` option in sudo commands until a patch is available.
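
To decide which hosts need the update or the workaround first, the audit sketch below (an added example, not code from the sudo project or this advisory) flags sudoers rules that grant a Runas group and checks the installed version against the 1.7.x range named in the description. The function names and the sample policy are hypothetical; the scan assumes one rule per line and does not follow `#include` files or join continuation lines.

```python
import re

# Runas_Spec with a group part, e.g. (root : operator) or (:wheel); group 1 is the group list.
RUNAS_GROUP = re.compile(r"\(\s*[^():]*:\s*([^()]+?)\s*\)")
VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")
SKIP = ("#", "Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")

def parse_version(text):
    """'1.7.4p5' -> (1, 7, 4, 5); a missing patch level counts as 0."""
    m = VERSION.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"unrecognised sudo version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def affected_1_7(version):
    """True for the range the description names: 1.7.x before 1.7.4p5."""
    v = parse_version(version)
    return v[:2] == (1, 7) and v < (1, 7, 4, 5)

def runas_group_rules(sudoers_text):
    """Return (line_number, group_list) for each rule that grants a Runas group."""
    hits = []
    for number, line in enumerate(sudoers_text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith(SKIP):
            continue  # comments, Defaults and alias definitions are not user rules
        for match in RUNAS_GROUP.finditer(stripped):
            if match.group(1).strip():
                hits.append((number, match.group(1).strip()))
    return hits

def exposed_rules(version, sudoers_text):
    """Rules relevant to the bypass: affected version AND a Runas group configured."""
    return runas_group_rules(sudoers_text) if affected_1_7(version) else []

# Constructed sample policy, not taken from any real host.
SAMPLE = """\
# constructed sudoers sample
root    ALL=(ALL) ALL
alice   ALL=(root : operator) /usr/bin/id
%ops    ALL=(:wheel) NOPASSWD: /bin/ls
bob     ALL=(ALL:ALL) ALL
"""

if __name__ == "__main__":
    for version in ("1.7.4p4", "1.7.4p5"):
        print(version, exposed_rules(version, SAMPLE))
```

An empty result means either the version is outside the 1.7.x range or no rule grants a Runas group; the broader "prior to 1.8.3p2" recommendation still applies regardless.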