Description
Sudo before 1.9.13 does not escape control characters in sudoreplay output.
A flaw was found in the sudo package, shipped with Red Hat Enterprise Linux 8 and 9, where the "sudoreplay -l" command improperly escapes terminal control characters. As sudo's log messages may contain user-controlled strings, this could allow an attacker to inject terminal control commands, leading to a leak of restricted information.
Affected packages
Platform | Package | State | Advisory | Release date |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | sudo | Out of support scope | | |
Red Hat Enterprise Linux 7 | sudo | Out of support scope | | |
Red Hat Enterprise Linux 8 | sudo | Fixed | RHSA-2024:0811 | 14.02.2024 |
Red Hat Enterprise Linux 8.6 Extended Update Support | sudo | Fixed | RHSA-2024:0811 | 14.02.2024 |
Red Hat Enterprise Linux 8.8 Extended Update Support | sudo | Fixed | RHSA-2024:0811 | 14.02.2024 |
Red Hat Enterprise Linux 9 | sudo | Fixed | RHSA-2024:0811 | 14.02.2024 |
Red Hat Enterprise Linux 9 | sudo | Fixed | RHSA-2024:0811 | 14.02.2024 |
Red Hat Enterprise Linux 9.0 Extended Update Support | sudo | Fixed | RHSA-2024:0811 | 14.02.2024 |
Red Hat Enterprise Linux 9.2 Extended Update Support | sudo | Fixed | RHSA-2024:0811 | 14.02.2024 |
RHODF-4.15-RHEL-9 | odf4/cephcsi-rhel9 | Fixed | RHSA-2024:1383 | 19.03.2024 |
Additional information
Status:
EPSS
CVSS3: 5.3 Medium