No one expected any vulnerability in this command.
Developers have just managed to patch a vulnerability in the sudo command that allowed access to system components at the root level, even if the configuration clearly forbade it. So if a person with access to a computer also had access to the command line, even without being an administrator, they could perform basically any action on the device.
The vulnerability lay in how the sudo command treated user IDs. If a user with ID -1, or its unsigned counterpart 4294967295, entered the command, it was interpreted as if the user had root access and ID 0, even though the user with ID -1 was what got saved in the log. What's worse: issuing the command did not require an additional password, because the ID in question is not stored in the password database.
To close the gap, install sudo package version 1.8.28 or newer.
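A defender's check for the two points above, as an added example (not from the original article or the sudo project): it flags sudo versions older than 1.8.28 and scans sudo log lines for a target user ID of -1 or 4294967295. The `USER=#<id>` log layout and the sample lines are assumptions constructed for illustration.

```python
import re

FIXED = (1, 8, 28)                    # first fixed release named in the article
SUSPECT_IDS = {"-1", "4294967295"}    # IDs the article says were treated as ID 0

def parse_sudo_version(text):
    """Return (major, minor, micro) from `sudo -V` output or a bare version string."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no sudo version found in %r" % text)
    return tuple(int(p) for p in m.groups())

def needs_update(text):
    """True when the reported version predates 1.8.28.
    A 'pN' patch suffix (e.g. 1.8.27p1) is ignored: it never reaches 1.8.28."""
    return parse_sudo_version(text) < FIXED

# Assumption: sudo's default log line, with numeric target IDs written as "#<id>".
TARGET = re.compile(r"sudo:\s+(?P<caller>\S+) : .*?\bUSER=#(?P<uid>-?\d+)\b")

def suspicious_entries(lines):
    """Return (caller, uid) for log lines whose target user ID is -1 or 4294967295."""
    hits = []
    for line in lines:
        m = TARGET.search(line)
        if m and m.group("uid") in SUSPECT_IDS:
            hits.append((m.group("caller"), m.group("uid")))
    return hits

# Constructed sample log lines (hosts, users and commands are made up).
SAMPLE_LOG = [
    "Oct 15 09:12:01 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; "
    "USER=root ; COMMAND=/usr/bin/apt update",
    "Oct 15 09:14:37 web01 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; "
    "USER=#-1 ; COMMAND=/usr/bin/id",
    "Oct 15 09:15:02 web01 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; "
    "USER=#4294967295 ; COMMAND=/usr/bin/less /var/log/syslog",
    "Oct 15 09:20:44 web01 sudo:    carol : TTY=pts/2 ; PWD=/srv ; "
    "USER=#1001 ; COMMAND=/usr/bin/whoami",
]

if __name__ == "__main__":
    for version in ("Sudo version 1.8.27", "Sudo version 1.8.28"):
        print(version, "-> update needed:", needs_update(version))
    for caller, uid in suspicious_entries(SAMPLE_LOG):
        print("review: %s ran sudo with target user ID %s" % (caller, uid))
```

In practice, feed `needs_update` the first line of `sudo -V` and `suspicious_entries` the lines of the host's auth log.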
What do you think about this vulnerability? A big oversight, or rather something that in practice is of no use to a cybercriminal or malicious person?