Andrea Jegher

**Name of the Vulnerable Software and Affected Versions** sudo-rs versions prior to 0.2.1 **Description** The issue is related to the handling of usernames in sudo-rs, a memory-safe implementation of sudo and su. Usernames containing the `.` and `/` characters can result in the corruption of specific files on the filesystem. An attacker can construct a username that appears to be a relative path, allowing them to clear arbitrary files on the system. For example, a user with the username `../../../../bin/cp` can run `sudo -K` to clear their session record file, resulting in the removal of the `cp` binary. The attacker needs to be able to login as a user with a constructed username and create users with such usernames. The issue is patched in version 0.2.1 of sudo-rs, which uses the uid for the user instead of their username for determining the filename, eliminating the possibility of path traversal. **Recommendations** To resolve the issue, upgrade to version 0.2.1 of sudo-rs. Note that this upgrade will result in existing session files being ignored, and users will be forced to re-authenticate. As a temporary workaround, ensure that your system does not contain any users with specially crafted usernames, and restrict the ability of untrusted users to create arbitrary users on the system.