https://blog.qife122.com/tags/cve-2025-32462/ Recent content in CVE-2025-32462 on 办公AI智能小助手 Hugo zh-cn qife Sat, 20 Sep 2025 08:26:58 +0800 https://blog.qife122.com/p/sudo-1.9.17%E4%B8%BB%E6%9C%BA%E9%80%89%E9%A1%B9%E6%9D%83%E9%99%90%E6%8F%90%E5%8D%87%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E4%B8%8E%E6%9C%AC%E5%9C%B0%E5%88%A9%E7%94%A8/ Sat, 20 Sep 2025 08:26:58 +0800 https://blog.qife122.com/p/sudo-1.9.17%E4%B8%BB%E6%9C%BA%E9%80%89%E9%A1%B9%E6%9D%83%E9%99%90%E6%8F%90%E5%8D%87%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E4%B8%8E%E6%9C%AC%E5%9C%B0%E5%88%A9%E7%94%A8/ <h1 id="exploit-title-sudo-1917-host-option---elevation-of-privilege">Exploit Title: Sudo 1.9.17 Host Option - Elevation of Privilege</h1> <h1 id="date-2025-06-30">Date: 2025-06-30</h1> <h1 id="exploit-author-rich-mirch">Exploit Author: Rich Mirch</h1> <h1 id="vendor-homepage">Vendor Homepage: <a href="https://www.sudo.ws">https://www.sudo.ws</a></h1> <h1 id="software-link">Software Link: <a href="https://www.sudo.ws/dist/sudo-1.9.17.tar.gz">https://www.sudo.ws/dist/sudo-1.9.17.tar.gz</a></h1> <h1 id="version-stable-190---1917-legacy-188---1832">Version: Stable 1.9.0 - 1.9.17, Legacy 1.8.8 - 1.8.32</h1> <h1 id="fixed-in-1917p1">Fixed in: 1.9.17p1</h1> <h1 id="vendor-advisory">Vendor Advisory: <a href="https://www.sudo.ws/security/advisories/host_any">https://www.sudo.ws/security/advisories/host_any</a></h1> <h1 id="blog">Blog: <a href="https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host">https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host</a></h1> <h1 id="tested-on-ubuntu-24041-sudo-1915p5-macos-sequoia-1532-sudo-1913p2">Tested on: Ubuntu 24.04.1; Sudo 1.9.15p5, macOS Sequoia 15.3.2; Sudo 1.9.13p2</h1> <h1 id="cve--cve-2025-32462">CVE : CVE-2025-32462</h1> <p>无需专门的漏洞利用代码。当使用主机选项执行sudo或sudoedit命令，并引用一个不相关的远程主机规则时，Sudo会将该规则视为对本地系统有效。因此，远程主机规则允许的任何命令都可以在本地机器上执行。</p>