Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2021:0169-1

Опубликовано: 27 янв. 2021
Источник: suse-cvrf

Описание

Security update for sudo

This update for sudo fixes the following issues:

  • A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges [bsc#1181090,CVE-2021-3156]
  • It was possible for a user to test for the existence of a directory due to a Race Condition in sudoedit [bsc#1180684,CVE-2021-23239]
  • A Possible Symlink Attack vector existed in sudoedit if SELinux was running in permissive mode [bsc#1180685, CVE-2021-23240]
  • It was possible for a User to enable Debug Settings not Intended for them [bsc#1180687]

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.1
sudo-1.8.22-lp151.5.12.1
sudo-devel-1.8.22-lp151.5.12.1
sudo-test-1.8.22-lp151.5.12.1

Ссылки

Описание

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.

Затронутые продукты
openSUSE Leap 15.1:sudo-1.8.22-lp151.5.12.1
openSUSE Leap 15.1:sudo-devel-1.8.22-lp151.5.12.1
openSUSE Leap 15.1:sudo-test-1.8.22-lp151.5.12.1
Ссылки

Описание

selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable.

Затронутые продукты
openSUSE Leap 15.1:sudo-1.8.22-lp151.5.12.1
openSUSE Leap 15.1:sudo-devel-1.8.22-lp151.5.12.1
openSUSE Leap 15.1:sudo-test-1.8.22-lp151.5.12.1
Ссылки

Описание

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

Затронутые продукты
openSUSE Leap 15.1:sudo-1.8.22-lp151.5.12.1
openSUSE Leap 15.1:sudo-devel-1.8.22-lp151.5.12.1
openSUSE Leap 15.1:sudo-test-1.8.22-lp151.5.12.1
Ссылки
Уязвимость openSUSE-SU-2021:0169-1