Here's a summary of the issue as noted by Twitter user @IanColdwaller:
"Heap-based buffer overflow in sudo exploitable by any local user. Can be used to elevate privileges to root, even if user not listed in sudoers file. User auth is not required to exploit the bug"
At the very least, one must be logged in to a system to exploit it.
Given the modern paradigm of just setting up a hypervisor and giving everyone a virtual playground where they have complete root access, as opposed to a multi-user system, I don't expect this to be a terribly big issue.
I'll still be going through all the CentOS boxes at work tomorrow...
"Heap-based buffer overflow in sudo exploitable by any local user. Can be used to elevate privileges to root, even if user not listed in sudoers file. User auth is not required to exploit the bug"
At the very least, one must be logged in to a system to exploit it.
Given the modern paradigm of just setting up a hypervisor and giving everyone a virtual playground where they have complete root access, as opposed to a multi-user system, I don't expect this to be a terribly big issue.
I'll still be going through all the CentOS boxes at work tomorrow...