Количество 19
Количество 19
BDU:2023-00210
Уязвимость функции sudoedit программы системного администрирования Sudo, позволяющая нарушителю повысить свои привилегии
ROS-20230124-01
Уязвимость Sudo
CVE-2023-22809
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
CVE-2023-22809
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
CVE-2023-22809
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
CVE-2023-22809
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extr ...
SUSE-SU-2023:0117-1
Security update for sudo
SUSE-SU-2023:0116-1
Security update for sudo
SUSE-SU-2023:0115-1
Security update for sudo
SUSE-SU-2023:0114-1
Security update for sudo
SUSE-SU-2023:0101-1
Security update for sudo
SUSE-SU-2023:0100-1
Security update for sudo
RLSA-2023:0284
Important: sudo security update
RLSA-2023:0282
Important: sudo security update
GHSA-3vwp-294x-6v9c
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
ELSA-2023-12143
ELSA-2023-12143: sudo security update (IMPORTANT)
ELSA-2023-0291
ELSA-2023-0291: sudo security update (IMPORTANT)
ELSA-2023-0284
ELSA-2023-0284: sudo security update (IMPORTANT)
ELSA-2023-0282
ELSA-2023-0282: sudo security update (IMPORTANT)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | BDU:2023-00210 Уязвимость функции sudoedit программы системного администрирования Sudo, позволяющая нарушителю повысить свои привилегии | CVSS3: 7.3 | 43% Средний | больше 2 лет назад |
 | ROS-20230124-01 Уязвимость Sudo | CVSS3: 7.3 | 43% Средний | больше 2 лет назад |
 | CVE-2023-22809 In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value. | CVSS3: 7.8 | 43% Средний | больше 2 лет назад |
 | CVE-2023-22809 In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value. | CVSS3: 7.8 | 43% Средний | больше 2 лет назад |
 | CVE-2023-22809 In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value. | CVSS3: 7.8 | 43% Средний | больше 2 лет назад |
| CVE-2023-22809 In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extr ... | CVSS3: 7.8 | 43% Средний | больше 2 лет назад |
 | SUSE-SU-2023:0117-1 Security update for sudo | 43% Средний | больше 2 лет назад | |
| SUSE-SU-2023:0116-1 Security update for sudo | 43% Средний | больше 2 лет назад | |
| SUSE-SU-2023:0115-1 Security update for sudo | 43% Средний | больше 2 лет назад | |
| SUSE-SU-2023:0114-1 Security update for sudo | 43% Средний | больше 2 лет назад | |
| SUSE-SU-2023:0101-1 Security update for sudo | 43% Средний | больше 2 лет назад | |
| SUSE-SU-2023:0100-1 Security update for sudo | 43% Средний | больше 2 лет назад | |
 | RLSA-2023:0284 Important: sudo security update | 43% Средний | больше 2 лет назад | |
| RLSA-2023:0282 Important: sudo security update | 43% Средний | больше 2 лет назад | |
| GHSA-3vwp-294x-6v9c In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value. | CVSS3: 7.8 | 43% Средний | больше 2 лет назад |
| ELSA-2023-12143 ELSA-2023-12143: sudo security update (IMPORTANT) | больше 2 лет назад | ||
| ELSA-2023-0291 ELSA-2023-0291: sudo security update (IMPORTANT) | больше 2 лет назад | ||
| ELSA-2023-0284 ELSA-2023-0284: sudo security update (IMPORTANT) | больше 2 лет назад | ||
| ELSA-2023-0282 ELSA-2023-0282: sudo security update (IMPORTANT) | больше 2 лет назад |
Уязвимостей на страницу