PT-2025-27465 · Sudo +7

Rich Mirch · Published 2025-06-30 · Updated 2025-07-17 · CVE-2025-32462

CVSS v3.1: 2.8

Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

## Vulnerability Report

**Name of the Vulnerable Software and Affected Versions:**

- Sudo versions prior to 1.9.17p1

- Sudo versions 1.8.8 through 1.9.17

- Sudo versions prior to 1.9.5p2-3+deb11u2 (Debian 11 bullseye)

- Sudo versions prior to 1.9.13p3-1+deb12u2 (Debian bookworm)

- Sudo versions prior to 1.9.16p2-1ubuntu1.1 (Ubuntu plucky)

- Sudo versions prior to 1.8.31-1ubuntu1.5+esm1 (Ubuntu 20.04 LTS, 18.04 LTS, 16.04 LTS, and 14.04 LTS)

**Description:**

Sudo, a program designed to provide limited superuser privileges, contains a vulnerability in the handling of the `-h` or `--host` option. The `-h` option was not correctly restricted to listing privileges and could be misused when running commands via `sudo` or editing files with `sudoedit`. This flaw could allow a local attacker to escalate their privileges. The vulnerability stems from a logic bypass in the host matching functionality, potentially allowing a user to execute commands with elevated privileges on unintended machines.

**Recommendations:**

- Upgrade to Sudo version 1.9.17p1 or later.

- For Debian 11 bullseye, upgrade to Sudo version 1.9.5p2-3+deb11u2 or later.

- For Debian bookworm, upgrade to Sudo version 1.9.13p3-1+deb12u2 or later.

- For Ubuntu plucky, upgrade to Sudo version 1.9.16p2-1ubuntu1.1 or later.

- For Ubuntu 20.04 LTS, 18.04 LTS, 16.04 LTS, and 14.04 LTS, upgrade to version 1.8.31-1ubuntu1.5+esm1 or later.

Fix · LPE

Weakness Enumeration: Incorrect Authorization

Related Identifiers

ALSA-2025:10110
ALSA-2025:9978
ALT-PU-2025-8851
ALT-PU-2025-8863
BDU:2025-08356
CESA-2025_10110
CVE-2025-32462
DLA-4235-1
DSA-5954-1
RHSA-2025:10110
RHSA-2025:9978
RHSA-2025_10110
RHSA-2025_9978
SUSE-SU-2025:02174-1
SUSE-SU-2025:02175-1
SUSE-SU-2025:02177-1
SUSE-SU-2025:02178-1
SUSE-SU-2025:02179-1
USN-7604-1
USN-7604-2

Affected Products

ALT Linux
AlmaLinux
CentOS
Linux Mint
Red Hat
RED OS
Sudo
Ubuntu