CVE-2023-42456

Name of the Vulnerable Software and Affected Versions sudo-rs versions prior to 0.2.1

Description The issue is related to the handling of usernames in sudo-rs, a memory-safe implementation of sudo and su. Usernames containing the . and / characters can result in the corruption of specific files on the filesystem. An attacker can construct a username that appears to be a relative path, allowing them to clear arbitrary files on the system. For example, a user with the username ../../../../bin/cp can run sudo -K to clear their session record file, resulting in the removal of the cp binary. The attacker needs to be able to login as a user with a constructed username and create users with such usernames. The issue is patched in version 0.2.1 of sudo-rs, which uses the uid for the user instead of their username for determining the filename, eliminating the possibility of path traversal.

Recommendations To resolve the issue, upgrade to version 0.2.1 of sudo-rs. Note that this upgrade will result in existing session files being ignored, and users will be forced to re-authenticate. As a temporary workaround, ensure that your system does not contain any users with specially crafted usernames, and restrict the ability of untrusted users to create arbitrary users on the system.