Back to bug 2179272
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Sandipan Roy | 2023-03-17 07:47:49 UTC | Summary | CVE-2023-28486 sudo: Sudo does not escape control characters in log messages. | CVE-2023-28486 sudo: Sudo does not escape control characters in log messages |
| Sandipan Roy | 2023-03-17 07:48:20 UTC | Blocks | | 2179004 |
| Sandipan Roy | 2023-03-17 07:51:00 UTC | Depends On | | 2179274, 2179275 |
| Marco Benatto | 2023-03-27 17:13:41 UTC | Depends On | | 2182148, 2182149 |
| Marco Benatto | 2023-03-27 17:23:38 UTC | Fixed In Version | | sudo-1.9.13 |
| Marco Benatto | 2023-03-27 17:27:04 UTC | Doc Text | | There's a flaw in sudo package as shipped with Red Hat Enterprise Linux 8 and 9 where "sudoreplay -l' command doesn't properly escape terminal control characters. As sudo's log messages may contain user-controlled strings an attacker may leverage this flaw by injecting terminal control commands, leading to the leak of restricted information. |
| Marco Benatto | 2023-03-27 17:32:02 UTC | Doc Text | There's a flaw in sudo package as shipped with Red Hat Enterprise Linux 8 and 9 where "sudoreplay -l' command doesn't properly escape terminal control characters. As sudo's log messages may contain user-controlled strings an attacker may leverage this flaw by injecting terminal control commands, leading to the leak of restricted information. | There's a flaw in sudo package as shipped with Red Hat Enterprise Linux 8 and 9 where sudo doesn't properly escape terminal control characters during logging operations. As sudo's log messages may contain user-controlled strings an attacker may leverage this flaw by injecting terminal control commands, leading to the leak of restricted information. |
| Paige Jung | 2023-03-27 17:40:08 UTC | Doc Text | There's a flaw in sudo package as shipped with Red Hat Enterprise Linux 8 and 9 where sudo doesn't properly escape terminal control characters during logging operations. As sudo's log messages may contain user-controlled strings an attacker may leverage this flaw by injecting terminal control commands, leading to the leak of restricted information. | A flaw was found in the sudo package, shipped with Red Hat Enterprise Linux 8 and 9, where sudo improperly escapes terminal control characters during logging operations. As sudo's log messages may contain user-controlled strings, this may allow an attacker to inject terminal control commands, leading to a leak of restricted information. |
| Red Hat Bugzilla | 2023-07-07 08:30:33 UTC | Assignee | security-response-team | nobody |