CVSS Score: 7.8 HIGH

Summary: Baron Samedit is a heap-based buffer overflow in sudo that can lead to privilege escalation to root on Unix-like systems. It affects legacy versions of sudo from 1.8.2 to 1.8.31p2 and all stable versions from 1.9.0 to 1.9.5p1. The weakness lies in the way sudo handles escaping of special characters.

Technical explanation: Researchers at Qualys discovered that a command-line argument ending in a single backslash character can lead to a heap-based buffer overflow in the set_cmnd() function of sudo. The vulnerable code is reached only when the MODE_SHELL flag and either the MODE_EDIT or MODE_CHECK flag are set while the default MODE_RUN is not. This combination of flags cannot be set while running sudo itself, but the conditions can be met by executing sudoedit, which is technically the same binary.

To check whether a system is affected, look up the installed version of sudo and compare it with the ranges above:
sudo --version
or
apt-cache policy sudo
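
Added example (not part of the original advisory): a shell helper that compares a version string, such as the one printed by sudo --version, with the two affected ranges given in the summary. The function names and output labels are assumptions of this example. A distribution package can carry a backported fix under an unchanged upstream version, so treat in-range as a prompt to check the package version as well.

```sh
#!/bin/sh
# Added example: compare a sudo version with the affected ranges in this advisory.
# Function names and output labels are hypothetical, chosen for this example.

# ver_num VERSION: print N.N[.N][pN] as one sortable integer; fail on anything else.
ver_num() {
    v=$1 p=0
    case $v in *p*) p=${v##*p}; v=${v%p*} ;; esac
    # Digits and single dots only, no leading zeros (the shell would read them as octal).
    case "$v.$p" in
        *[!0-9.]*|*..*|.*|*.|0[0-9]*|*.0[0-9]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $v; IFS=$old_ifs
    [ $# -ge 2 ] && [ $# -le 3 ] || return 1
    echo $(( $1 * 1000000000 + $2 * 1000000 + ${3:-0} * 1000 + $p ))
}

# in_range NUM LOW HIGH: true when LOW <= NUM <= HIGH (LOW and HIGH are version strings).
in_range() {
    [ "$1" -ge "$(ver_num "$2")" ] && [ "$1" -le "$(ver_num "$3")" ]
}

# sudo_status VERSION: print in-range, out-of-range or unknown.
sudo_status() {
    n=$(ver_num "$1") || { echo unknown; return 0; }
    if in_range "$n" 1.8.2 1.8.31p2 || in_range "$n" 1.9.0 1.9.5p1; then
        echo in-range
    else
        echo out-of-range
    fi
}

# parse_sudo_banner: read sudo --version output on stdin, print the version
# from its first line ("Sudo version X").
parse_sudo_banner() {
    sed -n '1s/^Sudo version \([0-9][0-9.p]*\).*/\1/p'
}

# Check the locally installed sudo only when asked: sh check_sudo.sh --installed
if [ "${1:-}" = "--installed" ]; then
    sudo_status "$(sudo --version 2>/dev/null | parse_sudo_banner)"
fi
```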

No known mitigation.

Fix: Update to a patched version of sudo:

Ubuntu/Debian:
apt update && apt install sudo