¡¾Îó²îͨ¸æ¡¿Linux sudo chroot í§Òâ´úÂëÖ´ÐÐÎó²î (CVE-2025-32463)

Ðû²¼Ê±¼ä 2025-07-02

Ò»¡¢Îó²î¸ÅÊö


Îó²îÃû³Æ

Linux sudo chroot í§Òâ´úÂëÖ´ÐÐÎó²î

CVE   ID

CVE-2025-32463

Îó²îÀàÐÍ

´úÂëÖ´ÐÐ

·¢Ã÷ʱ¼ä

2025-07-02

Îó²îÆÀ·Ö

9.3

Îó²îÆ·¼¶

ÑÏÖØ

¹¥»÷ÏòÁ¿

ÍâµØ

ËùÐèȨÏÞ

ÎÞ

ʹÓÃÄѶÈ

µÍ

Óû§½»»¥

²»ÐèÒª

PoC/EXP

ÒѹûÕæ

ÔÚҰʹÓÃ

δ·¢Ã÷


Sudo£¨Super User Do£©ÊÇLinuxºÍUnixϵͳÖеÄÒ»¿îÏÂÁîÐй¤¾ß£¬£¬£¬ÔÊÐíÊÚȨÓû§ÒÔ³¬µÈÓû§»òÆäËûÓû§µÄÉí·ÝÖ´ÐÐÏÂÁî¡£¡£¡£Ëüͨ¹ýÉèÖÃÎļþ/etc/sudoers½ç˵ÄÄЩÓû§¿ÉÒÔÖ´ÐÐÄÄЩÏÂÁ£¬£¬²¢¼Í¼ÏÂÁîÖ´ÐеÄÈÕÖ¾£¬£¬£¬±ãÓÚÉó¼Æ¡£¡£¡£SudoʵÏÖÁË×îСȨÏÞÔ­Ôò£¬£¬£¬Ê¹µÃÖÎÀíÔ±¿ÉÒÔÊÚÓèÓû§ÓÐÏÞµÄÖÎÀíԱȨÏÞ¶øÎÞÐè¹²ÏírootÃÜÂë¡£¡£¡£ËüÒ²Ö§³ÖÏÂÁîÓÖÃû¡¢Ö÷»úÓÖÃûµÈÎÞаµÄ¹æÔòÉèÖ㬣¬£¬ÆÕ±éÓ¦ÓÃÓÚÇå¾²ÐԽϸߵÄϵͳÖС£¡£¡£


2025Äê7ÔÂ2ÈÕ£¬£¬£¬°ÙÀÖ²©¼¯ÍÅVSRC¼à²âµ½Linux µÄSudo¹¤¾ß±£´æLinux sudo chroot í§Òâ´úÂëÖ´ÐÐÎó²îCVE-2025-32463ºÍLinux sudo Host OptionÍâµØÌáȨÎó²îCVE-2025-32462£¬£¬£¬CVE-2025-32463ÊÇÒ»¸öí§Òâ´úÂëÖ´ÐÐÎó²î£¬£¬£¬Éæ¼°SudoµÄchroot¹¦Ð§¡£¡£¡£¸Ã¹¦Ð§ÔÊÐí¸ü¸ÄÏÂÁîµÄ¸ùĿ¼£¬£¬£¬¹¥»÷Õß¿ÉÒÔͨ¹ý½á¹¹¶ñÒâµÄ/etc/nsswitch.confÎļþ£¬£¬£¬Ê¹ÓÃSudo¼ÓÔØÓɹ¥»÷Õß¿ØÖƵĹ²Ïí¿â£¬£¬£¬´Ó¶øÖ´ÐÐí§Òâ´úÂ룬£¬£¬µ¼ÖÂrootȨÏÞ±»ÌáÉý¡£¡£¡£¹¥»÷ÕßÄܹ»ÔÚÊÜÏÞÇéÐÎÖÐÖ´Ðб¾Ó¦ÊÜÏÞµÄÏÂÁ£¬£¬Ôì³ÉÑÏÖØÇ徲Σº¦¡£¡£¡£


CVE-2025-32462ÊÇÒ»¸öÍâµØȨÏÞÌáÉýÎó²î£¬£¬£¬±£´æÓÚSudoµÄ-h (--host)Ñ¡ÏîÖС£¡£¡£¸ÃÑ¡ÏîÔÊÐíÓû§Éó²éÆäËûÖ÷»úµÄSudoȨÏÞÉèÖᣡ£¡£Ñо¿·¢Ã÷£¬£¬£¬Sudo»á¹ýʧµØ½«Ô¶³ÌÖ÷»úµÄȨÏÞ¹æÔòÓ¦ÓÃÓÚÍâµØϵͳ£¬£¬£¬µ¼Ö¹¥»÷ÕßÈƹýÍâµØȨÏÞÏÞÖÆ£¬£¬£¬Ö±½Ó»ñµÃrootȨÏÞ¡£¡£¡£´ËÎó²î²»ÐèÒªÖØ´óµÄ¹¥»÷·½·¨¼´¿É±»Ê¹Óᣡ£¡£


¶þ¡¢Ó°Ïì¹æÄ£


Linux sudo chroot í§Òâ´úÂëÖ´ÐÐÎó²î£¨CVE-2025-32463£©£º1.9.14 <= Sudo <= 1.9.17
Linux sudo Host Option ÍâµØÌáȨÎó²î£¨CVE-2025-32462£©£º1.8.8 <= Sudo <= 1.9.17¡£¡£¡£


Èý¡¢Çå¾²²½·¥


3.1 Éý¼¶°æ±¾


½¨ÒéÁ¬Ã¦Éý¼¶ Sudo ÖÁ 1.9.17p1 »ò¸ü¸ß°æ±¾£¬£¬£¬ÐÞ¸´´ËÎó²î


ÏÂÔØÁ´½Ó£ºhttps://www.sudo.ws/releases/stable/

»òͨ¹ý°ü¹ÜÀí¹¤¾ß¾ÙÐÐÉý¼¶
Debian/UbuntuÓû§£ºsudo apt update && sudo apt upgrade sudo
RHEL/CentOS/FedoraÓû§£ºsudo yum update sudo
SUSEÓû§£ºsudo zypper refresh && sudo zypper update sudo


3.2 ÔÝʱ²½·¥


ÔÝÎÞ¡£¡£¡£


3.3 ͨÓý¨Òé


?°´ÆÚ¸üÐÂϵͳ²¹¶¡£¡£¡£¬£¬£¬ïÔ̭ϵͳÎó²î£¬£¬£¬ÌáÉýЧÀÍÆ÷µÄÇå¾²ÐÔ¡£¡£¡£
?ÔöǿϵͳºÍÍøÂçµÄ»á¼û¿ØÖÆ£¬£¬£¬Ð޸ķÀ»ðǽսÂÔ£¬£¬£¬¹Ø±Õ·ÇÐëÒªµÄÓ¦Óö˿ڻòЧÀÍ£¬£¬£¬ïÔÌ­½«Î£ÏÕЧÀÍ£¨ÈçSSH¡¢RDPµÈ£©Ì»Â¶µ½¹«Íø£¬£¬£¬ïÔÌ­¹¥»÷Ãæ¡£¡£¡£
?ʹÓÃÆóÒµ¼¶Çå¾²²úÆ·£¬£¬£¬ÌáÉýÆóÒµµÄÍøÂçÇå¾²ÐÔÄÜ¡£¡£¡£
?ÔöǿϵͳÓû§ºÍȨÏÞÖÎÀí£¬£¬£¬ÆôÓöàÒòËØÈÏÖ¤»úÖƺÍ×îСȨÏÞÔ­Ôò£¬£¬£¬Óû§ºÍÈí¼þȨÏÞÓ¦¼á³ÖÔÚ×îµÍÏ޶ȡ£¡£¡£

?ÆôÓÃÇ¿ÃÜÂëÕ½ÂÔ²¢ÉèÖÃΪ°´ÆÚÐ޸ġ£¡£¡£


3.4 ²Î¿¼Á´½Ó


https://www.sudo.ws/security/advisories/
https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot
https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host
https://nvd.nist.gov/vuln/detail/CVE-2025-32463
https://nvd.nist.gov/vuln/detail/CVE-2025-32462