Vulnerability CVE-2023-22809: Information

Description

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-22809
Published: Jan. 18, 2023
Modified: Nov. 17, 2023
Error type identifier: CWE-269

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
sudosisyphus1.9.12p2-alt11.9.15p5-alt1ALT-PU-2023-1110-1313931Fixed
sudosisyphus_e2k1.9.12p2-alt11.9.15p5-alt1ALT-PU-2023-2297-1-Fixed
sudosisyphus_riscv641.9.12p2-alt11.9.15p5-alt1ALT-PU-2023-2322-1-Fixed
sudop101.9.12p2-alt11.9.15p1-alt1ALT-PU-2023-1147-1313932Fixed
sudop10_e2k1.9.12p2-alt11.9.15p1-alt1ALT-PU-2023-2389-1-Fixed
sudop91.9.13p2-alt11.9.13p2-alt1ALT-PU-2023-1657-1318844Fixed
sudop9_e2k1.9.13p2-alt11.9.13p2-alt1ALT-PU-2023-5373-1-Fixed
sudoc10f11.9.12p2-alt11.9.15p1-alt1ALT-PU-2023-1147-1313932Fixed
sudoc9f21.9.12p2-alt0.c9f2.11.9.15p5-alt0.c9f2.1ALT-PU-2023-1121-1313971Fixed
sudop111.9.12p2-alt11.9.15p5-alt1ALT-PU-2023-1110-1313931Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf
  • Exploit
  • Mitigation
  • Technical Description
  • Third Party Advisory
https://www.sudo.ws/security/advisories/sudoedit_any/
  • Exploit
  • Mitigation
  • Vendor Advisory
[debian-lts-announce] 20230118 [SECURITY] [DLA 3272-1] sudo security update
  • Mailing List
  • Third Party Advisory
DSA-5321
  • Third Party Advisory
[oss-security] 20230119 CVE-2023-22809: Sudoedit can edit arbitrary files
  • Exploit
  • Mailing List
  • Third Party Advisory
https://security.netapp.com/advisory/ntap-20230127-0015/
  • Third Party Advisory
http://packetstormsecurity.com/files/171644/sudo-1.9.12p1-Privilege-Escalation.html
  • Third Party Advisory
  • VDB Entry
GLSA-202305-12
  • Third Party Advisory
http://packetstormsecurity.com/files/172509/Sudoedit-Extra-Arguments-Privilege-Escalation.html
  • Third Party Advisory
  • VDB Entry
20230817 KL-001-2023-003: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification via sudoedit
  • Mailing List
  • Third Party Advisory
http://packetstormsecurity.com/files/174234/Cisco-ThousandEyes-Enterprise-Agent-Virtual-Appliance-Arbitrary-File-Modification.html
  • Third Party Advisory
  • VDB Entry
https://support.apple.com/kb/HT213758
  • Third Party Advisory
FEDORA-2023-9078f609e6
  • Mailing List
FEDORA-2023-298c136eee
  • Mailing List

    1. Configuration 1

      cpe:2.3:a:sudo_project:sudo:1.9.12:-:*:*:*:*:*:*
      cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*
      Start including
      1.8.0
      End excliding
      1.9.12
      cpe:2.3:a:sudo_project:sudo:1.9.12:p1:*:*:*:*:*:*

      Configuration 2

      cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
      cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

      Configuration 3

      cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
      cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

      Configuration 4

      cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
      End excliding
      13.4
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top