Description
Sudo before 1.9.13 does not escape control characters in log messages.
A flaw was found in the sudo package, shipped with Red Hat Enterprise Linux 8 and 9, where sudo improperly escapes terminal control characters during logging operations. As sudo's log messages may contain user-controlled strings, this may allow an attacker to inject terminal control commands, leading to a leak of restricted information.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | sudo | Out of support scope | | |
| Red Hat Enterprise Linux 7 | sudo | Out of support scope | | |
| Red Hat Enterprise Linux 8 | sudo | Fixed | RHSA-2024:0811 | 14.02.2024 |
| Red Hat Enterprise Linux 8.6 Extended Update Support | sudo | Fixed | RHSA-2024:0811 | 14.02.2024 |
| Red Hat Enterprise Linux 8.8 Extended Update Support | sudo | Fixed | RHSA-2024:0811 | 14.02.2024 |
| Red Hat Enterprise Linux 9 | sudo | Fixed | RHSA-2024:0811 | 14.02.2024 |
| Red Hat Enterprise Linux 9.0 Extended Update Support | sudo | Fixed | RHSA-2024:0811 | 14.02.2024 |
| Red Hat Enterprise Linux 9.2 Extended Update Support | sudo | Fixed | RHSA-2024:0811 | 14.02.2024 |
| RHODF-4.15-RHEL-9 | odf4/cephcsi-rhel9 | Fixed | RHSA-2024:1383 | 19.03.2024 |
Additional information
CVSS3: 5.3 Medium