Vulnerability CVE-2023-42465: Information

Description

Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.

Severity: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-42465
Published: Dec. 22, 2023
Modified: Feb. 18, 2024

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
sudosisyphus1.9.15p1-alt11.9.15p5-alt1ALT-PU-2023-7026-2333865Fixed
sudosisyphus_e2k1.9.15p1-alt11.9.15p5-alt1ALT-PU-2023-7143-1-Fixed
sudosisyphus_riscv641.9.15p1-alt11.9.15p5-alt1ALT-PU-2023-7135-1-Fixed
sudop101.9.15p1-alt11.9.15p1-alt1ALT-PU-2023-7648-2333866Fixed
sudop10_e2k1.9.15p1-alt11.9.15p1-alt1ALT-PU-2023-7868-1-Fixed
sudoc10f11.9.15p1-alt11.9.15p1-alt1ALT-PU-2023-8393-3337459Fixed
sudoc9f21.9.15p5-alt0.c9f2.11.9.15p5-alt0.c9f2.1ALT-PU-2024-7909-3348297Fixed
sudop111.9.15p1-alt11.9.15p5-alt1ALT-PU-2023-7026-2333865Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://www.sudo.ws/releases/changelog/
  • Release Notes
https://www.openwall.com/lists/oss-security/2023/12/21/9
  • Exploit
  • Mailing List
https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f
  • Patch
https://arxiv.org/abs/2309.02545
  • Technical Description
  • Third Party Advisory
https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_15
  • Release Notes
GLSA-202401-29
    FEDORA-2024-cdccda4f62
      https://security.netapp.com/advisory/ntap-20240208-0002/
        FEDORA-2024-6fa5af9ea8

            1. Configuration 1

              cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*
              End excliding
              1.9.15
          VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
          Version: v24.5.3
          Back to top