PT-2025-27466 · Sudo +4

Rich Mirch · Published 2025-06-30 · Updated 2025-08-01 · CVE-2025-32463

CVSS v3.1: 9.3
Vector: AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

## Vulnerability Report

**Name of the Vulnerable Software and Affected Versions:** Sudo versions 1.9.14 through 1.9.17

**Description:**

This vulnerability allows local users to obtain root access because `/etc/nsswitch.conf` from a user-controlled directory is used with the `--chroot` option. An attacker can leverage the `--chroot` option to run arbitrary commands as root, even if they are not listed in the sudoers file. The vulnerability exists because `sudo` improperly handles the `/etc/nsswitch.conf` file when the `--chroot` option is used, allowing an attacker to inject malicious configurations. A proof-of-concept (PoC) exploit is available. This vulnerability affects many Linux distributions, including Ubuntu and Fedora.

**Recommendations:**

Update to sudo version 1.9.17p1 or later.
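
To triage hosts against the version range above, the following added example (not part of the original report or of the sudo project) classifies an upstream sudo version string as reported on the first line of `sudo -V`. The function names and result labels are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: compare an upstream sudo version string with the range in
# this report (1.9.14 through 1.9.17 in range, 1.9.17p1 fixed).

# Print a sortable integer key for a version such as 1.9.17p1.
# Returns non-zero for anything that is not X.Y.Z or X.Y.ZpN, for example a
# package-style string like 1.9.15p5-1example (constructed sample).
sudo_version_key() {
    printf '%s\n' "$1" | awk -F'[.p]' '
        /^[0-9]+\.[0-9]+\.[0-9]+(p[0-9]+)?$/ {
            printf "%d%03d%03d%03d\n", $1, $2, $3, ($4 == "" ? 0 : $4)
            ok = 1
        }
        END { exit(ok ? 0 : 1) }'
}

# Classify one version string. Labels (hypothetical, chosen for this example):
#   older-than-range   below 1.9.14
#   in-affected-range  1.9.14 up to and including 1.9.17
#   fixed              1.9.17p1 or later
#   unknown            not an upstream-style version string
classify_sudo_version() {
    csv_key=$(sudo_version_key "$1") || { echo unknown; return 0; }
    csv_first=$(sudo_version_key 1.9.14)
    csv_fixed=$(sudo_version_key 1.9.17p1)
    if [ "$csv_key" -lt "$csv_first" ]; then
        echo older-than-range
    elif [ "$csv_key" -lt "$csv_fixed" ]; then
        echo in-affected-range
    else
        echo fixed
    fi
}

# Read the upstream version from the first line of `sudo -V`
# ("Sudo version X.Y.ZpN"); prints nothing if sudo is not installed.
installed_sudo_version() {
    sudo -V 2>/dev/null | sed -n '1s/^Sudo version //p'
}

# Classify the sudo binary on this host.
check_installed_sudo() {
    classify_sudo_version "$(installed_sudo_version)"
}
```

Call `check_installed_sudo` on a host to get its label. Vendor packages can carry the fix under an older upstream version number, so an `in-affected-range` result should be confirmed against the vendor advisories listed under Related Identifiers.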

Exploit · Fix · LPE

Weakness Enumeration

Related Identifiers

ALSA-2025:11537
ALT-PU-2025-8851
ALT-PU-2025-8863
BDU:2025-07765
CVE-2025-32463
MGASA-2025-0213
ROSA-SA-2025-2905
SUSE-SU-2025:02177-1
USN-7604-1

Affected Products

Alt Linux
Linuxmint
Red Os
Sudo
Ubuntu