【Vulnerability Advisory】Linux sudo chroot Arbitrary Code Execution Vulnerability (CVE-2025-32463)

Published: 2025-07-02

1. Vulnerability Overview

Vulnerability name: Linux sudo chroot arbitrary code execution vulnerability
CVE ID: CVE-2025-32463
Vulnerability type: Code execution
Discovery date: 2025-07-02
Vulnerability score: 9.3
Severity: Critical
Attack vector: Local
Privileges required: None
Exploitation difficulty: Low
User interaction: Not required
PoC/EXP: Publicly available
Exploited in the wild: Not observed


Sudo (Super User Do) is a command-line tool on Linux and Unix systems that lets authorized users run commands as the superuser or as another user. Its configuration file, /etc/sudoers, defines which users may run which commands, and sudo logs each command it executes so that the activity can be audited. Sudo implements the principle of least privilege: administrators can grant users a limited set of administrative rights without sharing the root password. It also supports flexible rule configuration such as command aliases and host aliases, and is widely used on systems with high security requirements.


On 2 July 2025, OG东方厅集团 VSRC observed that the Sudo tool on Linux is affected by two vulnerabilities: a Linux sudo chroot arbitrary code execution vulnerability (CVE-2025-32463) and a Linux sudo Host Option local privilege escalation vulnerability (CVE-2025-32462). CVE-2025-32463 is an arbitrary code execution vulnerability in Sudo's chroot feature. That feature allows the root directory of a command to be changed; an attacker can craft a malicious /etc/nsswitch.conf file so that Sudo loads a shared library under the attacker's control, executing arbitrary code and escalating to root privileges. An attacker could thereby run commands in a restricted environment that should have been forbidden, creating a serious security risk.


CVE-2025-32462 is a local privilege escalation vulnerability in Sudo's -h (--host) option. That option lets a user view the Sudo permission configuration of other hosts. Researchers found that Sudo would wrongly apply the permission rules of a remote host to the local system, allowing an attacker to bypass local permission restrictions and obtain root privileges directly. No complex attack technique is needed to exploit this vulnerability.


2. Affected Scope


Linux sudo chroot arbitrary code execution vulnerability (CVE-2025-32463): 1.9.14 <= Sudo <= 1.9.17
Linux sudo Host Option local privilege escalation vulnerability (CVE-2025-32462): 1.8.8 <= Sudo <= 1.9.17
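To make the two version ranges above checkable on a host, here is an added shell script that is not part of the original advisory. It parses a sudo version string (including the "pN" patch level, so that 1.9.17p1 sorts above 1.9.17) and reports which of the two CVEs a given version falls under, using exactly the ranges stated above. The sample versions in the loop are constructed for illustration, and the installed_sudo_version helper assumes that the first line of `sudo --version` reads "Sudo version X.Y.Z[pN]"; that format is an assumption, not something the advisory states.

```shell
#!/bin/sh
# Added example (not part of the advisory): check a sudo version against the
# two affected ranges given in section 2.

# Convert "MAJOR.MINOR.PATCH[pN]" into one integer so ranges compare numerically;
# the "pN" patch level makes 1.9.17p1 sort above 1.9.17.
version_key() {
    ver=${1%%p*}
    plevel=0
    case "$1" in *p*) plevel=${1##*p} ;; esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    [ "$patch" = "$rest" ] && patch=0      # "1.9" with no third component
    echo $(( major * 1000000 + minor * 10000 + patch * 100 + plevel ))
}

# Print the CVE IDs from this advisory that apply to the given version, or "none".
sudo_vuln_status() {
    k=$(version_key "$1")
    hits=""
    # CVE-2025-32463 (chroot): 1.9.14 <= Sudo <= 1.9.17
    if [ "$k" -ge "$(version_key 1.9.14)" ] && [ "$k" -le "$(version_key 1.9.17)" ]; then
        hits="CVE-2025-32463"
    fi
    # CVE-2025-32462 (host option): 1.8.8 <= Sudo <= 1.9.17
    if [ "$k" -ge "$(version_key 1.8.8)" ] && [ "$k" -le "$(version_key 1.9.17)" ]; then
        hits="${hits:+$hits }CVE-2025-32462"
    fi
    echo "${hits:-none}"
}

# Read the version of the locally installed sudo. Assumption: the first line of
# `sudo --version` reads "Sudo version X.Y.Z[pN]"; prints nothing if sudo is absent.
installed_sudo_version() {
    sudo --version 2>/dev/null | sed -n 's/^Sudo version \([0-9][0-9.p]*\).*/\1/p'
}

# Constructed sample versions (not taken from any host) to show the decision table.
for v in 1.8.7 1.8.8 1.9.13 1.9.14 1.9.17 1.9.17p1 1.9.18; do
    printf '%-10s %s\n' "$v" "$(sudo_vuln_status "$v")"
done

# Live check of this host, if sudo is installed.
local_v=$(installed_sudo_version)
if [ -n "$local_v" ]; then
    printf 'installed sudo %s: %s\n' "$local_v" "$(sudo_vuln_status "$local_v")"
fi
```

Versions below 1.8.8 or at 1.9.17p1 and later report "none"; a version such as 1.9.13 reports only CVE-2025-32462, while 1.9.14 through 1.9.17 report both. Run it as root-less: the script only reads the version string and never invokes sudo with a command.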


3. Security Measures


3.1 Upgrade


It is recommended to upgrade Sudo to version 1.9.17p1 or later immediately to fix these vulnerabilities.


Download link: https://www.sudo.ws/releases/stable/

Or upgrade through the package manager:
Debian/Ubuntu: sudo apt update && sudo apt upgrade sudo
RHEL/CentOS/Fedora: sudo yum update sudo
SUSE: sudo zypper refresh && sudo zypper update sudo


3.2 Temporary Mitigations


None at present.


3.3 General Recommendations


• Apply system patches regularly to reduce system vulnerabilities and improve server security.
• Strengthen access control for systems and networks, revise firewall policies, close unnecessary ports and services, and avoid exposing high-risk services (such as SSH and RDP) to the public internet, reducing the attack surface.
• Use enterprise-grade security products to improve the organization's network security capabilities.
• Strengthen system user and permission management: enable multi-factor authentication and the principle of least privilege, and keep user and software permissions at the minimum required.
• Enable a strong password policy and require passwords to be changed regularly.


3.4 References


https://www.sudo.ws/security/advisories/
https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot
https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host
https://nvd.nist.gov/vuln/detail/CVE-2025-32463
https://nvd.nist.gov/vuln/detail/CVE-2025-32462