sudo-rs Low Privilege User Privilege Enumeration Vulnerability
Vulnerability
A vulnerability exists in sudo-rs versions through 0.2.5 that allows users with limited sudo privileges to enumerate the sudo rights of other users. This is done through the '-U' flag of 'sudo -l', which reveals information about other users' permissions that could be used to plan targeted attacks. The issue does not affect systems where users either lack sudo privileges entirely or can execute all commands as root via sudo, which is the default configuration on most systems.
Impact
This vulnerability could lead to unauthorized privilege enumeration, allowing users to gain insights into the sudo rights of others, potentially facilitating more targeted attacks.
Reproduction
The vulnerability can be reproduced by a user with limited sudo rights, such as the ability to execute only specific commands. When that user runs 'sudo -l -U <user>' to query the sudo privileges of another user, sudo-rs fails to properly restrict the action, unlike the original sudo, which denies the request. This behavior can be observed in versions 0.2.2 and 0.2.5 of sudo-rs.
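To make the failed check concrete, the following is a small model of the decision a sudoers-style policy should make for 'sudo -l -U <user>' (an added illustration, not sudo-rs's own code; the rule syntax is simplified and the sample sudoers lines are constructed). It contrasts a check that accepts any user holding some sudo rule with the corrected one that only accepts root, the user themself, or a user who can run all commands as root.

```rust
// Simplified model of the "sudo -l -U <user>" authorization decision (added
// example, not sudo-rs code). Hosts are ignored; run-as groups are dropped.
#[derive(Debug, Clone, PartialEq)]
pub struct Rule {
    pub user: String,
    pub run_as: String,   // "ALL" or a specific user ("root" when omitted)
    pub commands: String, // "ALL" or a comma-separated command list
}

/// Parse lines of the form `user host=(runas[:group]) commands`.
pub fn parse_rules(sudoers: &str) -> Vec<Rule> {
    sudoers
        .lines()
        .map(str::trim)
        .filter(|l| !l.is_empty() && !l.starts_with('#'))
        .filter_map(|l| {
            let (user, rest) = l.split_once(char::is_whitespace)?;
            let (_host, spec) = rest.trim().split_once('=')?;
            let spec = spec.trim();
            let (run_as, commands) = match spec.strip_prefix('(') {
                Some(r) => {
                    let (ra, cmds) = r.split_once(')')?;
                    let ra = ra.split(':').next().unwrap_or("").trim(); // ignore ":group"
                    (ra.to_string(), cmds.trim().to_string())
                }
                None => ("root".to_string(), spec.to_string()),
            };
            Some(Rule { user: user.to_string(), run_as, commands })
        })
        .collect()
}

/// True when `user` may run any command as root (an "ALL=(ALL) ALL"-style entry).
pub fn has_full_root(rules: &[Rule], user: &str) -> bool {
    rules.iter().any(|r| r.user == user && r.commands == "ALL" && (r.run_as == "ALL" || r.run_as == "root"))
}

/// Behaviour described for sudo-rs <= 0.2.5: any user with some sudo rule may list others.
pub fn may_list_vulnerable(rules: &[Rule], invoker: &str, target: &str) -> bool {
    invoker == "root" || invoker == target || rules.iter().any(|r| r.user == invoker)
}

/// Corrected decision: only root, the user themself, or a full-root user may list someone else.
pub fn may_list_fixed(rules: &[Rule], invoker: &str, target: &str) -> bool {
    invoker == "root" || invoker == target || has_full_root(rules, invoker)
}
```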
Remediation
Users can upgrade to sudo-rs version 0.2.6, which addresses this vulnerability.
