Bug 2161142 (CVE-2023-22809)
Summary: | CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user | |
---|---|---|---
Product: | [Other] Security Response | Reporter: | Sandipan Roy <saroy>
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team>
Status: | CLOSED ERRATA | QA Contact: |
Severity: | high | Docs Contact: |
Priority: | high | |
Version: | unspecified | CC: | arachman, chorn, dapospis, enothen, kyoshida, lveyde, michal.skrivanek, mperina, mrehak, rsroka, sbeal, sbonazzo, security-response-team
Target Milestone: | --- | Keywords: | Reopened, Security
Target Release: | --- | |
Hardware: | All | |
OS: | Linux | |
Whiteboard: | | |
Fixed In Version: | sudo 1.9.12p2 | Doc Type: | If docs needed, set a value
Doc Text: | A vulnerability was found in sudo. A flaw in how sudoedit (sudo -e) handles the user-controlled editor environment variables (SUDO_EDITOR, VISUAL and EDITOR) lets a local user pass extra arguments to the editor and thereby edit files other than the ones the sudoers policy allows, resulting in an arbitrary file write with the privileges of the RunAs user (usually root). The prerequisite for exploitation is that the current user is authorized by the sudoers policy to edit at least one file using sudoedit. | |
Story Points: | --- | |
Clone Of: | | Environment: |
Last Closed: | 2023-02-12 09:39:30 UTC | Type: | ---
Regression: | --- | Mount Type: | ---
Documentation: | --- | CRM: |
Verified Versions: | | Category: | ---
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: |
Cloudforms Team: | --- | Target Upstream Version: |
Embargoed: | | |
Bug Depends On: | 2161216, 2161217, 2161218, 2161219, 2161220, 2161221, 2161222, 2161223, 2161224, 2161225, 2161268, 2162041, 2162042, 2164759, 2186685, 2186686, 2186687 | |
Bug Blocks: | 2160742 | |
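The Doc Text and the Fixed In Version field give what a triage script needs: the bug is in sudoedit's handling of the editor environment variables and the first fixed upstream release is 1.9.12p2. The shell script below is an added example, not code from this bug, from Red Hat or from the sudo project. It classifies a sudo version string against the upstream affected range (1.8.0 through 1.9.12p1 inclusive, per the upstream sudo advisory), extracts the version from `sudo --version` output, and, because Red Hat backports fixes without raising the upstream version number, checks the RPM changelog for the CVE identifier instead of trusting the version on RHEL. The function names are my own, and the `sudo --version` output and changelog text embedded in it are constructed samples, not captured from a real host.

```sh
#!/bin/sh
# Added example for CVE-2023-22809 triage; not code from the Red Hat bug or the
# sudo project. Upstream's affected range is sudo 1.8.0 through 1.9.12p1
# inclusive; 1.9.12p2 (the bug's "Fixed In Version") is the first fixed release.

# Convert a sudo version string ("1.9.12p2", "1.8.23") into one integer
# major|minor|patch|p-level, e.g. 1.9.12p2 -> 1009012002, so that versions
# compare with -lt/-ge. A missing "pN" suffix counts as p-level 0.
sudo_version_key() {
  v=$1
  base=${v%%p*}                      # strip "pN": 1.9.12p2 -> 1.9.12
  plevel=${v#*p}                     # keep "N":  1.9.12p2 -> 2
  [ "$plevel" = "$v" ] && plevel=0   # no "p" suffix present
  set -- $(printf '%s' "$base" | tr '.' ' ')
  printf '%d%03d%03d%03d\n' "${1:-0}" "${2:-0}" "${3:-0}" "$plevel"
}

# Classify an upstream sudo version as not-affected, affected or fixed.
sudo_version_status() {
  key=$(sudo_version_key "$1")
  first=$(sudo_version_key 1.8.0)      # first affected release
  fixed=$(sudo_version_key 1.9.12p2)   # first release carrying the fix
  if [ "$key" -lt "$first" ]; then
    echo not-affected
  elif [ "$key" -lt "$fixed" ]; then
    echo affected
  else
    echo fixed
  fi
}

# Pull the version out of `sudo --version` output. Its first line reads
# "Sudo version X"; the later plugin/grammar lines are ignored.
sudo_version_from_output() {
  printf '%s\n' "$1" | sed -n '1s/^Sudo version \([0-9][0-9.p]*\).*/\1/p'
}

# On RHEL the fix is backported, so a patched package still reports an upstream
# version below 1.9.12p2. There, look for the CVE id in the package changelog:
#   rpm_changelog_fixes_cve "$(rpm -q --changelog sudo)"
rpm_changelog_fixes_cve() {
  printf '%s\n' "$1" | grep -q 'CVE-2023-22809'
}

# Constructed sample inputs (not captured from a real host).
sample_sudo_output='Sudo version 1.9.12p1
Sudoers policy plugin version 1.9.12p1
Sudoers file grammar version 48'
sample_changelog='* Fri Jan 20 2023 Example Packager <packager@example.com> - 1.8.29-99.example
- backport fix for CVE-2023-22809 (sudoedit arbitrary file write)'

ver=$(sudo_version_from_output "$sample_sudo_output")
echo "sample sudo $ver: $(sudo_version_status "$ver")"   # sample sudo 1.9.12p1: affected
if rpm_changelog_fixes_cve "$sample_changelog"; then
  echo "sample changelog: CVE-2023-22809 fix present (backported)"
fi

# Live check of the locally installed binary, when there is one.
if command -v sudo >/dev/null 2>&1; then
  live=$(sudo_version_from_output "$(sudo --version 2>/dev/null)")
  [ -n "$live" ] && echo "installed sudo $live: $(sudo_version_status "$live")"
fi
```

The version check alone is only meaningful for upstream or distribution builds that track upstream version numbers; on Red Hat products use the errata listed in this bug or the changelog check. Until a fixed package is in place, the upstream advisory's workaround is to stop sudo from passing the editor variables through to sudoedit, by adding `Cmnd_Alias SUDOEDIT = sudoedit` and `Defaults!SUDOEDIT env_delete+="SUDO_EDITOR VISUAL EDITOR"` to sudoers.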
Description

Sandipan Roy 2023-01-16 05:26:29 UTC

Do we have a reproducer?

Created sudo tracking bugs for this issue:

Affects: fedora-36 [bug 2162041]
Affects: fedora-37 [bug 2162042]

This issue has been addressed in the following products:

- Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions, via RHSA-2023:0280 https://access.redhat.com/errata/RHSA-2023:0280
- Red Hat Enterprise Linux 9, via RHSA-2023:0282 https://access.redhat.com/errata/RHSA-2023:0282
- Red Hat Enterprise Linux 8.6 Extended Update Support, via RHSA-2023:0283 https://access.redhat.com/errata/RHSA-2023:0283
- Red Hat Enterprise Linux 9.0 Extended Update Support, via RHSA-2023:0281 https://access.redhat.com/errata/RHSA-2023:0281
- Red Hat Enterprise Linux 8, via RHSA-2023:0284 https://access.redhat.com/errata/RHSA-2023:0284
- Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.2 Telecommunications Update Service, via RHSA-2023:0292 https://access.redhat.com/errata/RHSA-2023:0292
- Red Hat Enterprise Linux 6 Extended Lifecycle Support, via RHSA-2023:0287 https://access.redhat.com/errata/RHSA-2023:0287
- Red Hat Enterprise Linux 8.4 Extended Update Support, via RHSA-2023:0293 https://access.redhat.com/errata/RHSA-2023:0293
- Red Hat Enterprise Linux 7, via RHSA-2023:0291 https://access.redhat.com/errata/RHSA-2023:0291

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-22809

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-22809

This issue has been addressed in the following products:

- Red Hat Virtualization 4 for Red Hat Enterprise Linux 8, via RHSA-2023:0859 https://access.redhat.com/errata/RHSA-2023:0859
- Red Hat Enterprise Linux 7.4 Advanced Update Support, via RHSA-2023:3264 https://access.redhat.com/errata/RHSA-2023:3264
- Red Hat Enterprise Linux 7.6 Advanced Update Support, via RHSA-2023:3262 https://access.redhat.com/errata/RHSA-2023:3262
- Red Hat Enterprise Linux 7.7 Advanced Update Support, Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions and Red Hat Enterprise Linux 7.7 Telco Extended Update Support, via RHSA-2023:3276 https://access.redhat.com/errata/RHSA-2023:3276