PT-2019-4663 · Todd Miller +4 · Sudo +4

Published

2019-12-19

·

Updated

2024-08-05

·

CVE-2019-19234

CVSS v2.0
7.8
Vector AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions:

Sudo versions 1.8.29 and earlier

Description:

The issue is an improper access control weakness in Sudo: an attacker with access to a sudoer account that is permitted Runas ALL can run commands as any blocked user, because the fact that the target account has been locked (e.g., by placing the ! character in the shadow file in place of the password hash) is not taken into account when the target user is resolved. The software maintainer disputes the issue, since disabling local password authentication for a user is not the same as disabling all access to that user: the user may still be able to log in by other means, such as an SSH key or Kerberos.

Recommendations:

For Sudo versions 1.8.29 and earlier, update to Sudo 1.8.30 or later, which adds an optional sudoers setting (runas_check_shell) that checks the login shell of the target user against the contents of /etc/shells, so that accounts whose shell is not a valid login shell (e.g., /usr/sbin/nologin) cannot be used as a Runas target. The check is off by default and has to be enabled explicitly, and it only helps for locked accounts whose shell has also been set to a non-login shell: locking the password alone does not change the shell. As a temporary workaround, replace Runas ALL with an explicit list of permitted target users until the package can be updated.
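The following audit script is an added example written for this page; it is not code from the advisory, from the sudo project, or from any of the listed vendors. It reads a shadow file, a passwd file and an /etc/shells file (constructed sample copies here, so it runs offline), lists every locked account, and reports whether that account's login shell appears in /etc/shells, which is the condition the runas_check_shell option in sudo 1.8.30 and later evaluates before accepting a target user. Accounts with an empty shell field are treated as /bin/sh, the traditional getpwnam default, which is an assumption of this script. The function and file names are this example's own.

```shell
#!/bin/sh
# Added audit example; not code from the advisory or from the sudo project.
# For every account locked in the shadow file (password field starting with
# "!" or "*"), look up its login shell in the passwd file and report whether
# that shell is listed in /etc/shells. Under "Defaults runas_check_shell"
# (sudo >= 1.8.30) a target user is only accepted when its shell is listed,
# so a locked account that still has /bin/bash remains reachable via
# "sudo -u <user>" from a Runas ALL sudoer, while one whose shell is
# /usr/sbin/nologin is refused.
#
# Usage: audit_locked_runas SHADOW PASSWD SHELLS
# Output: one line per locked account, "<user> <shell> <reachable|blocked>".
audit_locked_runas() {
    shadow=$1; passwd=$2; shells=$3
    while IFS=: read -r user hash rest; do
        case "$hash" in
            '!'*|'*'*) ;;      # locked (passwd -l / usermod -L) or never set
            *) continue ;;
        esac
        shell=$(awk -F: -v u="$user" '$1 == u { print $7; exit }' "$passwd")
        # Assumption: an empty shell field is treated as /bin/sh, the
        # traditional getpwnam(3) default.
        [ -n "$shell" ] || shell=/bin/sh
        # /etc/shells is matched as whole lines, so "# comment" lines never match.
        if grep -qxF -- "$shell" "$shells"; then
            printf '%s %s reachable\n' "$user" "$shell"
        else
            printf '%s %s blocked\n' "$user" "$shell"
        fi
    done < "$shadow"
}

# Constructed sample data (not taken from any real system) so the audit runs
# offline. Hash values are placeholders.
demo() {
    d=$(mktemp -d)
    cat > "$d/shadow" <<'EOF'
root:$6$salt$placeholderhash:19000:0:99999:7:::
alice:$6$salt$placeholderhash:19000:0:99999:7:::
bob:!$6$salt$placeholderhash:19000:0:99999:7:::
guest:!!:19000:0:99999:7:::
svc-backup:!:19000:0:99999:7:::
nobody:*:19000:0:99999:7:::
EOF
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
guest:x:1003:1003:Guest:/home/guest:
svc-backup:x:1002:1002:Backup service:/var/backups:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
EOF
    cat > "$d/shells" <<'EOF'
# /etc/shells: valid login shells
/bin/sh
/bin/bash
EOF
    audit_locked_runas "$d/shadow" "$d/passwd" "$d/shells"
    rm -rf "$d"
}

demo
```

Running the demo reports bob and guest as reachable (their passwords are locked but their shells are listed in /etc/shells) and svc-backup and nobody as blocked. The practical reading is that enabling `Defaults runas_check_shell` in sudoers is only half of the fix: accounts that must never be Runas targets also need a non-login shell such as /usr/sbin/nologin (or /sbin/nologin on Red Hat-derived systems). On versions before 1.8.30, where the option does not exist, replacing `(ALL)` in the Runas specification with an explicit list of target users is the only control sudo itself offers.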


Weakness Enumeration

Improper Access Control

Related Identifiers

ALT-PU-2020-2707
ALT-PU-2020-2731
ALT-PU-2021-1164
ALT-PU-2021-1174
ALT-PU-2021-1184
BDU:2020-00856
CESA-2020_1804
CVE-2019-19234
MGASA-2020-0246
RHSA-2020:1804
RHSA-2020_1804

Affected Products

Alt Linux
Astra Linux
Centos
Red Hat
Sudo