Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2023-0291

Опубликовано: 24 янв. 2023
Источник: oracle-oval
Платформа: Oracle Linux 7

Описание

ELSA-2023-0291: sudo security update (IMPORTANT)

[1.8.23-10.3] RHEL 7.9.Z ERRATUM

  • CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user Resolves: rhbz#2161222

[1.8.23-10.2]

  • RHEL 7.9.Z ERRATUM
  • defaults use_pty plus SELinux ROLE in user specification breaks terminal Resolves: rhbz#1972820

[1.8.23-10.1]

  • RHEL 7.9.Z ERRATUM
  • CVE-2021-3156 Resolves: rhbz#1917729

Обновленные пакеты

Oracle Linux 7

Oracle Linux aarch64

sudo

1.8.23-10.el7_9.3

sudo-devel

1.8.23-10.el7_9.3

Oracle Linux x86_64

sudo

1.8.23-10.el7_9.3

sudo-devel

1.8.23-10.el7_9.3

Связанные CVE

CVE-2023-22809

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2023-22809

CVSS3: 7.8
ubuntu
больше 2 лет назад

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.

redhat логотип

CVE-2023-22809

CVSS3: 7.8
redhat
больше 2 лет назад

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.

nvd логотип

CVE-2023-22809

CVSS3: 7.8
nvd
больше 2 лет назад

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.

debian логотип

CVE-2023-22809

CVSS3: 7.8
debian
больше 2 лет назад

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extr ...

suse-cvrf логотип

SUSE-SU-2023:0117-1

suse-cvrf
больше 2 лет назад

Security update for sudo