Sudo Releases Security Update

Security update addresses a high severity vulnerability in Sudo

Threat ID:: CC-4247
Threat Severity:: Information only
Published:: 19 January 2023 2:07 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Security update addresses a high severity vulnerability in Sudo

Affected platforms

The following platforms are known to be affected:

Versions: 1.8.0 through 1.9.12p1

Sudo

Threat details

Introduction

Sudo has released a security update to address a high severity vulnerability known as CVE-2023-22809 that relates to a flaw in Sudo’s -e option known as sudoedit. This vulnerability could allow a local attacker to append arbitrary entries to the list of files to process, which could lead to privilege escalation.

Remediation advice

Affected organisations are encouraged to review the Sudo security advisory and apply the necessary update or workaround.

Definitive source of threat updates

https://www.sudo.ws/security/advisories/sudoedit_any/

CVE Vulnerabilities

Status Published

CVE-2023-22809

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.

Last edited: 19 January 2023 2:07 pm