Bug 2179273 (CVE-2023-28487) - CVE-2023-28487 sudo: Sudo does not escape control characters in sudoreplay output
Summary: CVE-2023-28487 sudo: Sudo does not escape control characters in sudoreplay ou...
Keywords:
Status: NEW
Alias: CVE-2023-28487
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2179276 2179277 2182152 2182153
Blocks: 2179004
 
Reported: 2023-03-17 07:50 UTC by Sandipan Roy
Modified: 2024-02-14 00:29 UTC (History)

Fixed In Version: sudo-1.9.13
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the sudo package, shipped with Red Hat Enterprise Linux 8 and 9, where the "sudoreplay -l" command improperly escapes terminal control characters. As sudo's log messages may contain user-controlled strings, this could allow an attacker to inject terminal control commands, leading to a leak of restricted information.
Clone Of:
Environment:
Last Closed:
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:0811 0 None None None 2024-02-14 00:29:32 UTC

Description Sandipan Roy 2023-03-17 07:50:03 UTC
Sudo before 1.9.13 does not escape control characters in sudoreplay output.

https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca
https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13
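The Doc Text above describes the defect: log fields that an unprivileged user can influence (the command line, the working directory) are echoed back to an administrator's terminal by "sudoreplay -l" without escaping, so an embedded escape sequence is interpreted by the terminal instead of being displayed. The following Python snippet is an added illustration of the defensive pattern the 1.9.13 fix applies, not sudo's own code: it renders sample log entries once as the pre-fix tool would (pass-through) and once with control characters made visible. The sample entries, the caret/hex escaping scheme and all function names are constructed for this example.

```python
import re

# Constructed sample entries in a "sudoreplay -l"-like format (not taken from the
# page). The second one carries an ESC sequence in the user-controlled COMMAND
# field: clear-screen (ESC[2J) followed by an xterm title change (ESC]0;...BEL).
SAMPLE_ENTRIES = [
    "Mar 17 07:50:03 2023 : alice : TTY=pts/0 ; CWD=/home/alice ; USER=root ; COMMAND=/bin/ls",
    "Mar 17 07:51:10 2023 : bob : TTY=pts/1 ; CWD=/tmp ; USER=root ; "
    "COMMAND=/bin/echo \x1b[2J\x1b]0;spoofed\x07visible",
]

# C0 controls (0x00-0x1f), DEL (0x7f) and C1 controls (0x80-0x9f). The C1 range
# matters because some terminals treat 0x9b like "ESC [".
CONTROL_RE = re.compile(r"[\x00-\x1f\x7f-\x9f]")


def escape_control_chars(text: str) -> str:
    """Return text with every control character replaced by a printable form:
    caret notation for C0 and DEL (ESC -> ^[, DEL -> ^?), \\xNN for C1."""

    def repl(match: re.Match) -> str:
        code = ord(match.group(0))
        if code < 0x20:
            return "^" + chr(code + 0x40)
        if code == 0x7F:
            return "^?"
        return "\\x%02x" % code

    return CONTROL_RE.sub(repl, text)


def has_control_chars(text: str) -> bool:
    """Detection helper for log review: True if the entry would drive the terminal."""
    return CONTROL_RE.search(text) is not None


def render_unsafe(entries: list[str]) -> str:
    """Pre-fix behaviour: entries are written to the terminal verbatim."""
    return "\n".join(entries)


def render_safe(entries: list[str]) -> str:
    """Fixed behaviour: every entry is escaped before it reaches the terminal."""
    return "\n".join(escape_control_chars(e) for e in entries)


if __name__ == "__main__":
    # The unsafe rendering still contains the raw ESC bytes; the safe one does not.
    print(render_safe(SAMPLE_ENTRIES))
    for entry in SAMPLE_ENTRIES:
        if has_control_chars(entry):
            print("flagged:", escape_control_chars(entry))
```

The check that a hardened tool needs is the one `render_safe` performs: escaping happens at the output boundary, on every field, rather than trying to filter characters at logging time, since older log files written before the fix still have to be displayed safely.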

Comment 1 Sandipan Roy 2023-03-17 07:52:00 UTC
Created sudo tracking bugs for this issue:

Affects: fedora-36 [bug 2179276]
Affects: fedora-37 [bug 2179277]

Comment 4 errata-xmlrpc 2024-02-14 00:29:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support
  Red Hat Enterprise Linux 8.8 Extended Update Support
  Red Hat Enterprise Linux 9.0 Extended Update Support
  Red Hat Enterprise Linux 9.2 Extended Update Support
  Red Hat Enterprise Linux 9
  Red Hat Enterprise Linux 8

Via RHSA-2024:0811 https://access.redhat.com/errata/RHSA-2024:0811

