[Vulnerability Notice] Linux sudo chroot Arbitrary Code Execution Vulnerability (CVE-2025-32463)

Published: 2025-07-02

1. Vulnerability Overview


·ìϼûû³Æ

Linux sudo chroot ËÁÒâ´úÂëÖ´Ðзì϶

CVE   ID

CVE-2025-32463

·ì϶ÀàÐÍ

´úÂëÖ´ÐÐ

·¢ÏÖ¹¦·ò

2025-07-02

·ì϶ÆÀ·Ö

9.3

·ì϶µÈ¼¶

ÑϳÁ

¹¥»÷ÏòÁ¿

±¾µØ

ËùÐèȨÏÞ

ÎÞ

ÀûÓÃÄѶÈ

µÍ

Óû§½»»¥

²»±ØÒª

PoC/EXP

Òѹ«¿ª

ÔÚÒ°ÀûÓÃ

δ·¢ÏÖ


Sudo (Super User Do) is a command-line tool for Linux and Unix systems that lets authorized users run commands as the superuser or as another user. The /etc/sudoers configuration file defines which users may run which commands, and sudo logs the commands that are executed so they can be audited. Sudo implements the principle of least privilege: administrators can grant users limited administrative rights without sharing the root password. It also supports flexible rule configuration such as command aliases and host aliases, and is widely used on systems with higher security requirements.


On July 2, 2025, the 8827太阳集团 group's VSRC detected two vulnerabilities in the Linux sudo tool: the Linux sudo chroot arbitrary code execution vulnerability (CVE-2025-32463) and the Linux sudo Host Option local privilege escalation vulnerability (CVE-2025-32462). CVE-2025-32463 is an arbitrary code execution vulnerability in sudo's chroot feature. The feature allows the root directory of a command to be changed. By crafting a malicious /etc/nsswitch.conf file, an attacker can make sudo load a shared library that the attacker controls, which executes arbitrary code and escalates privileges to root. An attacker may be able to run commands in a restricted environment that should have been restricted, which poses a serious security risk.


CVE-2025-32462 is a local privilege escalation vulnerability in sudo's -h (--host) option. The option lets users view the sudo privilege configuration for other hosts. Research found that sudo incorrectly applies a remote host's privilege rules to the local system, which lets an attacker bypass local privilege restrictions and obtain root directly. Exploiting this vulnerability does not require a complex attack.


2. Affected Scope


Linux sudo chroot arbitrary code execution vulnerability (CVE-2025-32463): 1.9.14 <= Sudo <= 1.9.17
Linux sudo Host Option local privilege escalation vulnerability (CVE-2025-32462): 1.8.8 <= Sudo <= 1.9.17


3. Security Measures


3.1 Upgrade


Upgrade Sudo to 1.9.17p1 or later immediately to fix this vulnerability.


Download link: https://www.sudo.ws/releases/stable/

Or upgrade through the package manager:
Debian/Ubuntu: sudo apt update && sudo apt upgrade sudo
RHEL/CentOS/Fedora: sudo yum update sudo
SUSE: sudo zypper refresh && sudo zypper update sudo
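
The affected ranges in section 2 and the fixed release named in 3.1 can be checked against an upstream sudo version string as shown here. This is an added example, not part of the original advisory; the function names ver_key, in_range and affected_cves and the sample versions are constructed for illustration. Distribution packages often carry backported fixes without changing the upstream version, so a match means "check the vendor advisory", not "confirmed vulnerable".

```shell
#!/bin/sh
# Added example (not from the advisory): map an upstream sudo version string to
# the CVEs whose affected range, as stated in section 2, contains it.

# ver_key VERSION -> sortable integer built from major.minor.patch[pN].
# Anything after the upstream part (for example a distro suffix) is ignored.
ver_key() {
    printf '%s\n' "$1" | awk '
        match($0, /^[0-9]+\.[0-9]+\.[0-9]+(p[0-9]+)?/) {
            n = split(substr($0, RSTART, RLENGTH), a, /[.p]/)
            printf "%d\n", ((a[1] * 1000 + a[2]) * 1000 + a[3]) * 1000 + (n > 3 ? a[4] : 0)
            ok = 1
        }
        END { exit !ok }'
}

# in_range VERSION LOW HIGH -> status 0 when LOW <= VERSION <= HIGH.
in_range() {
    k=$(ver_key "$1") || return 2
    [ "$k" -ge "$(ver_key "$2")" ] && [ "$k" -le "$(ver_key "$3")" ]
}

# affected_cves VERSION -> prints matching CVE ids, "none", or "unknown".
# 1.9.17p1 sorts just above 1.9.17, so the fixed release falls outside both ranges.
affected_cves() {
    ver_key "$1" >/dev/null || { printf 'unknown\n'; return 0; }
    out=""
    in_range "$1" 1.9.14 1.9.17 && out="CVE-2025-32463"
    in_range "$1" 1.8.8 1.9.17 && out="${out:+$out }CVE-2025-32462"
    printf '%s\n' "${out:-none}"
}

# Constructed sample versions (not taken from any real host). For a live check:
#   affected_cves "$(sudo -V | sed -n '1s/^Sudo version //p')"
for v in 1.8.7 1.8.31p2 1.9.13p3 1.9.14 1.9.16p2 1.9.17 1.9.17p1; do
    printf '%-10s %s\n' "$v" "$(affected_cves "$v")"
done
```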


3.2 Temporary Mitigations


None at this time.


3.3 General Recommendations


- Apply system patches regularly to reduce system vulnerabilities and improve server security.
- Strengthen access control for systems and networks, adjust firewall policies, close unnecessary application ports and services, and limit exposure of risky services (such as SSH and RDP) to the public internet to reduce the attack surface.
- Use enterprise-grade security products to improve the organization's network security capability.
- Strengthen system user and privilege management, enable multi-factor authentication and the principle of least privilege, and keep user and software privileges to the minimum.
- Enable a strong password policy and require passwords to be changed regularly.


3.4 References


https://www.sudo.ws/security/advisories/
https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot
https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host
https://nvd.nist.gov/vuln/detail/CVE-2025-32463
https://nvd.nist.gov/vuln/detail/CVE-2025-32462