Описание
Уязвимость программы системного администрирования Sudo связана с недостатками процедуры аутентификации. Эксплуатация уязвимости может позволить нарушителю повысить свои привилегии
Вендор
Red Hat Inc.
Novell Inc.
Сообщество свободного программного обеспечения
ООО «Ред Софт»
АО «ИВК»
Fedora Project
NetApp Inc.
Todd C. Miller
Наименование ПО
Red Hat Enterprise Linux
Suse Linux Enterprise Desktop
SUSE Linux Enterprise Server for SAP Applications
SUSE Linux Enterprise Software Development Kit
Suse Linux Enterprise Server
SUSE Linux Enterprise Module for Basesystem
SUSE CaaS Platform
SUSE OpenStack Cloud Crowbar
Debian GNU/Linux
SUSE Enterprise Storage
HPE Helion Openstack
SUSE Linux Enterprise High Performance Computing
openSUSE Tumbleweed
SUSE Linux Enterprise Server for Raspberry Pi
SUSE Manager Proxy
SUSE Manager Server
РЕД ОС
SUSE Linux Enterprise Micro
Альт 8 СП
SUSE Linux Enterprise Real Time
SUSE Manager Retail Branch Server
Fedora
АЛЬТ СП 10
NetApp SolidFire & HCI Storage Node
NetApp SolidFire & HCI Management Node
NetApp HCI Compute Node BIOS
Sudo
ONTAP Tools for VMware vSphere
Версия ПО
6 (Red Hat Enterprise Linux)
7 (Red Hat Enterprise Linux)
12 SP3 (Suse Linux Enterprise Desktop)
12 SP4 (Suse Linux Enterprise Desktop)
12 SP2 (SUSE Linux Enterprise Server for SAP Applications)
12 SP3 (SUSE Linux Enterprise Server for SAP Applications)
12 SP4 (SUSE Linux Enterprise Server for SAP Applications)
12 SP3 (SUSE Linux Enterprise Software Development Kit)
12 SP4 (SUSE Linux Enterprise Software Development Kit)
12 SP3 (Suse Linux Enterprise Server)
12 SP4 (Suse Linux Enterprise Server)
11 SP4 (Suse Linux Enterprise Server)
8 (Red Hat Enterprise Linux)
15 (SUSE Linux Enterprise Module for Basesystem)
15 SP1 (SUSE Linux Enterprise Module for Basesystem)
3.0 (SUSE CaaS Platform)
12 SP2-BCL (Suse Linux Enterprise Server)
12 SP2-ESPOS (Suse Linux Enterprise Server)
15 SP1 (SUSE Linux Enterprise Server for SAP Applications)
11 SP4-LTSS (Suse Linux Enterprise Server)
12 SP2-LTSS (Suse Linux Enterprise Server)
12 SP3-LTSS (Suse Linux Enterprise Server)
12 SP3-BCL (Suse Linux Enterprise Server)
12 SP5 (Suse Linux Enterprise Server)
12 SP5 (SUSE Linux Enterprise Server for SAP Applications)
12 SP5 (SUSE Linux Enterprise Software Development Kit)
8 (SUSE OpenStack Cloud Crowbar)
11 SP3-LTSS (Suse Linux Enterprise Server)
10 (Debian GNU/Linux)
6 (SUSE Enterprise Storage)
8 (HPE Helion Openstack)
12 SP3-ESPOS (Suse Linux Enterprise Server)
12 SP2 (Suse Linux Enterprise Desktop)
12 SP2 (Suse Linux Enterprise Server)
12 SP2 (SUSE Linux Enterprise Software Development Kit)
9 (SUSE OpenStack Cloud Crowbar)
12 SP5 (SUSE Linux Enterprise High Performance Computing)
15-ESPOS (SUSE Linux Enterprise High Performance Computing)
15-LTSS (SUSE Linux Enterprise High Performance Computing)
15-LTSS (Suse Linux Enterprise Server)
- (openSUSE Tumbleweed)
15 SP2 (SUSE Linux Enterprise Module for Basesystem)
11 SP3 (Suse Linux Enterprise Server)
12 SP2 (SUSE Linux Enterprise Server for Raspberry Pi)
12 SP4-ESPOS (Suse Linux Enterprise Server)
4.0 (SUSE CaaS Platform)
12 SP4-LTSS (Suse Linux Enterprise Server)
15 SP1-BCL (Suse Linux Enterprise Server)
15 SP1-LTSS (Suse Linux Enterprise Server)
15 SP1-LTSS (SUSE Linux Enterprise High Performance Computing)
15 SP1-ESPOS (SUSE Linux Enterprise High Performance Computing)
4.0 (SUSE Manager Proxy)
4.0 (SUSE Manager Server)
15 SP3 (SUSE Linux Enterprise Module for Basesystem)
15 SP1 (Suse Linux Enterprise Server)
11 (Debian GNU/Linux)
12 (Debian GNU/Linux)
7.3 (РЕД ОС)
15 SP3 (SUSE Linux Enterprise High Performance Computing)
15 SP3 (Suse Linux Enterprise Server)
15 SP3 (SUSE Linux Enterprise Server for SAP Applications)
4.2 (SUSE Manager Proxy)
4.2 (SUSE Manager Server)
15 SP3 (Suse Linux Enterprise Desktop)
7 (SUSE Enterprise Storage)
15 SP2 (Suse Linux Enterprise Server)
15 SP2 (SUSE Linux Enterprise Server for SAP Applications)
4.1 (SUSE Manager Server)
4.1 (SUSE Manager Proxy)
15 SP2-ESPOS (SUSE Linux Enterprise High Performance Computing)
15 SP2-LTSS (SUSE Linux Enterprise High Performance Computing)
5.0 (SUSE Linux Enterprise Micro)
5.1 (SUSE Linux Enterprise Micro)
- (Альт 8 СП)
15 SP4 (Suse Linux Enterprise Server)
15 SP2 (Suse Linux Enterprise Desktop)
15 SP2 (SUSE Linux Enterprise High Performance Computing)
15 SP4 (Suse Linux Enterprise Desktop)
15 (Suse Linux Enterprise Server)
15 SP2-BCL (Suse Linux Enterprise Server)
15 SP4 (SUSE Linux Enterprise Server for SAP Applications)
5.2 (SUSE Linux Enterprise Micro)
9 (Red Hat Enterprise Linux)
15 SP2-LTSS (Suse Linux Enterprise Server)
15 SP2 (SUSE Linux Enterprise Real Time)
4.3 (SUSE Manager Retail Branch Server)
4.3 (SUSE Manager Proxy)
4.3 (SUSE Manager Server)
15 SP4 (SUSE Linux Enterprise High Performance Computing)
15 SP1 (Suse Linux Enterprise Desktop)
15 (Suse Linux Enterprise Desktop)
7.1 (SUSE Enterprise Storage)
15 SP4 (SUSE Linux Enterprise Module for Basesystem)
15 (SUSE Linux Enterprise High Performance Computing)
15 SP1 (SUSE Linux Enterprise High Performance Computing)
5.3 (SUSE Linux Enterprise Micro)
15 SP3-LTSS (Suse Linux Enterprise Server)
15 SP3-ESPOS (SUSE Linux Enterprise High Performance Computing)
15 SP3-LTSS (SUSE Linux Enterprise High Performance Computing)
15 SP3 (SUSE Linux Enterprise Real Time)
15 SP3-BCL (Suse Linux Enterprise Server)
39 (Fedora)
15 SP5 (SUSE Linux Enterprise Server for SAP Applications)
15 SP5 (Suse Linux Enterprise Server)
15 SP5 (Suse Linux Enterprise Desktop)
15 SP5 (SUSE Linux Enterprise High Performance Computing)
15 SP5 (SUSE Linux Enterprise Module for Basesystem)
15 SP4 (SUSE Linux Enterprise Real Time)
5.4 (SUSE Linux Enterprise Micro)
- (АЛЬТ СП 10)
5.5 (SUSE Linux Enterprise Micro)
- (NetApp SolidFire & HCI Storage Node)
- (NetApp SolidFire & HCI Management Node)
- (NetApp HCI Compute Node BIOS)
до 1.9.15 (Sudo)
10 (ONTAP Tools for VMware vSphere)
15 SP4-ESPOS (SUSE Linux Enterprise High Performance Computing)
15 SP4-LTSS (SUSE Linux Enterprise High Performance Computing)
SP4-LTSS (Suse Linux Enterprise Server)
15 SP4-LTSS (Suse Linux Enterprise Desktop)
Тип ПО
Операционная система
Прикладное ПО информационных систем
Сетевое средство
Микропрограммный код
Операционные системы и аппаратные платформы
Red Hat Inc. Red Hat Enterprise Linux 6
Red Hat Inc. Red Hat Enterprise Linux 7
Novell Inc. Suse Linux Enterprise Desktop 12 SP3
Novell Inc. Suse Linux Enterprise Desktop 12 SP4
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP3
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP4
Novell Inc. Suse Linux Enterprise Server 12 SP3
Novell Inc. Suse Linux Enterprise Server 12 SP4
Novell Inc. Suse Linux Enterprise Server 11 SP4
Red Hat Inc. Red Hat Enterprise Linux 8
Novell Inc. Suse Linux Enterprise Server 12 SP2-BCL
Novell Inc. Suse Linux Enterprise Server 12 SP2-ESPOS
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP1
Novell Inc. Suse Linux Enterprise Server 11 SP4-LTSS
Novell Inc. Suse Linux Enterprise Server 12 SP2-LTSS
Novell Inc. Suse Linux Enterprise Server 12 SP3-LTSS
Novell Inc. Suse Linux Enterprise Server 12 SP3-BCL
Novell Inc. Suse Linux Enterprise Server 12 SP5
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP5
Novell Inc. Suse Linux Enterprise Server 11 SP3-LTSS
Сообщество свободного программного обеспечения Debian GNU/Linux 10
Novell Inc. Suse Linux Enterprise Server 12 SP3-ESPOS
Novell Inc. Suse Linux Enterprise Desktop 12 SP2
Novell Inc. Suse Linux Enterprise Server 12 SP2
Novell Inc. Suse Linux Enterprise Server 15-LTSS
Novell Inc. openSUSE Tumbleweed -
Novell Inc. Suse Linux Enterprise Server 11 SP3
Novell Inc. Suse Linux Enterprise Server 12 SP4-ESPOS
Novell Inc. Suse Linux Enterprise Server 12 SP4-LTSS
Novell Inc. Suse Linux Enterprise Server 15 SP1-BCL
Novell Inc. Suse Linux Enterprise Server 15 SP1-LTSS
Novell Inc. Suse Linux Enterprise Server 15 SP1
Сообщество свободного программного обеспечения Debian GNU/Linux 11
Сообщество свободного программного обеспечения Debian GNU/Linux 12
ООО «Ред Софт» РЕД ОС 7.3
Novell Inc. Suse Linux Enterprise Server 15 SP3
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP3
Novell Inc. Suse Linux Enterprise Desktop 15 SP3
Novell Inc. Suse Linux Enterprise Server 15 SP2
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP2
АО «ИВК» Альт 8 СП -
Novell Inc. Suse Linux Enterprise Server 15 SP4
Novell Inc. Suse Linux Enterprise Desktop 15 SP2
Novell Inc. Suse Linux Enterprise Desktop 15 SP4
Novell Inc. Suse Linux Enterprise Server 15
Novell Inc. Suse Linux Enterprise Server 15 SP2-BCL
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP4
Red Hat Inc. Red Hat Enterprise Linux 9
Novell Inc. Suse Linux Enterprise Server 15 SP2-LTSS
Novell Inc. SUSE Linux Enterprise Real Time 15 SP2
Novell Inc. Suse Linux Enterprise Desktop 15 SP1
Novell Inc. Suse Linux Enterprise Desktop 15
Novell Inc. Suse Linux Enterprise Server 15 SP3-LTSS
Novell Inc. SUSE Linux Enterprise Real Time 15 SP3
Novell Inc. Suse Linux Enterprise Server 15 SP3-BCL
Fedora Project Fedora 39
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP5
Novell Inc. Suse Linux Enterprise Server 15 SP5
Novell Inc. Suse Linux Enterprise Desktop 15 SP5
Novell Inc. SUSE Linux Enterprise Real Time 15 SP4
АО «ИВК» АЛЬТ СП 10 -
Novell Inc. Suse Linux Enterprise Server SP4-LTSS
Novell Inc. Suse Linux Enterprise Desktop 15 SP4-LTSS
Уровень опасности уязвимости
Средний уровень опасности (базовая оценка CVSS 2.0 составляет 6)
Высокий уровень опасности (базовая оценка CVSS 3.0 составляет 7)
Возможные меры по устранению уязвимости
Использование рекомендаций:
Для sudo:
https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f
Для Fedora:
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6XMRUJCPII4MPWG43HTYR76DGLEYEFZ/
Для программных продуктов NetApp Inc.:
https://security.netapp.com/advisory/ntap-20240208-0002/
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2023-42465
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/CVE-2023-42465
Для программных продуктов Novell Inc.:
https://www.suse.com/security/cve/CVE-2023-42465.html
Для АЛЬТ СП 10:
https://cve.basealt.ru/report-01012024-c10f1.html
Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства
Статус уязвимости
Подтверждена производителем
Наличие эксплойта
Существует в открытом доступе
Информация об устранении
Уязвимость устранена
Ссылки на источники
Идентификаторы других систем описаний уязвимостей
- CVE
EPSS
Процентиль: 0%
0.00004
Низкий
7 High
CVSS3
6 Medium
CVSS2
Связанные уязвимости
CVSS3: 7
ubuntu
больше 1 года назад
Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.
CVSS3: 7
redhat
почти 2 года назад
Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.
CVSS3: 7
nvd
больше 1 года назад
Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.
EPSS
Процентиль: 0%
0.00004
Низкий
7 High
CVSS3
6 Medium
CVSS2