Vulnerability in the way sudoedit handles user-provided environment variables. This leads to an arbitrary file write with the privileges of the RunAs user (usually root). The prerequisite for exploitation is that the current user must be authorized by the sudoers policy to edit a file using sudoedit. This issue affects all Sudo versions <= 1.9.12p1 and was assigned CVE-2023-22809.
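A defender-side check for the version statement above, added here as an example (not part of the bug report or of sudo's own code). It assumes the first line of `sudo -V` reads "Sudo version X" and that a backported Red Hat fix names the CVE in `rpm -q --changelog sudo`; the sample inputs are constructed.

```python
import re
import subprocess

# Upstream sudo releases up to and including this one are affected (from the
# CVE description); later upstream releases carry the fix.
LAST_AFFECTED = "1.9.12p1"
CVE_ID = "CVE-2023-22809"

# Matches "1.9.12p1" or "1.8.29"; the optional "pN" is sudo's patch level.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(?:p(\d+))?\b")


def parse_sudo_version(text):
    """Return (major, minor, micro, patchlevel) from a bare version string or
    from 'sudo -V' output, whose first line reads 'Sudo version 1.9.12p1'.
    A release without a 'pN' suffix gets patch level 0, so 1.9.12 < 1.9.12p1."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError("no sudo version found in input")
    major, minor, micro, patch = m.groups()
    return (int(major), int(minor), int(micro), int(patch or 0))


def is_affected_upstream(version_text):
    """True if the reported upstream version number is <= 1.9.12p1."""
    return parse_sudo_version(version_text) <= parse_sudo_version(LAST_AFFECTED)


def changelog_mentions_fix(changelog_text, cve=CVE_ID):
    """Distributions that backport fixes keep the old upstream version number,
    so the version alone is misleading there; the package changelog
    ('rpm -q --changelog sudo' on Red Hat systems) names the CVE instead."""
    return cve in changelog_text


def assess(version_text, changelog_text=""):
    """Combine both signals into one verdict string."""
    if not is_affected_upstream(version_text):
        return "not affected (upstream version is newer than 1.9.12p1)"
    if changelog_mentions_fix(changelog_text):
        return "fixed (backported; see package changelog)"
    return "affected (update sudo)"


if __name__ == "__main__":
    # Constructed sample inputs, not captured from a real system.
    sample_version = "Sudo version 1.9.5p2\n"
    sample_changelog = "- Resolves: CVE-2023-22809 sudoedit arbitrary file write\n"
    print(assess(sample_version, sample_changelog))
    # Same check against the local host (both commands exist on Red Hat systems).
    local_version = subprocess.run(["sudo", "-V"], capture_output=True, text=True).stdout
    local_changelog = subprocess.run(["rpm", "-q", "--changelog", "sudo"],
                                     capture_output=True, text=True).stdout
    print(assess(local_version, local_changelog))
```

The errata listed in this report remain the authoritative fix record for Red Hat products; the changelog check only prevents a version-number comparison from wrongly flagging an already patched package.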
Do we have a reproducer?
Created sudo tracking bugs for this issue:
Affects: fedora-36 [bug 2162041]
Affects: fedora-37 [bug 2162042]
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2023:0280 https://access.redhat.com/errata/RHSA-2023:0280
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:0282 https://access.redhat.com/errata/RHSA-2023:0282
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:0283 https://access.redhat.com/errata/RHSA-2023:0283
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:0281 https://access.redhat.com/errata/RHSA-2023:0281
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:0284 https://access.redhat.com/errata/RHSA-2023:0284
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.2 Advanced Update Support
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
Red Hat Enterprise Linux 8.2 Telecommunications Update Service
Via RHSA-2023:0292 https://access.redhat.com/errata/RHSA-2023:0292
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Extended Lifecycle Support Via RHSA-2023:0287 https://access.redhat.com/errata/RHSA-2023:0287
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2023:0293 https://access.redhat.com/errata/RHSA-2023:0293
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2023:0291 https://access.redhat.com/errata/RHSA-2023:0291
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-22809
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Via RHSA-2023:0859 https://access.redhat.com/errata/RHSA-2023:0859
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support Via RHSA-2023:3264 https://access.redhat.com/errata/RHSA-2023:3264
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Advanced Update Support Via RHSA-2023:3262 https://access.redhat.com/errata/RHSA-2023:3262
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7.7 Advanced Update Support
Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions
Red Hat Enterprise Linux 7.7 Telco Extended Update Support
Via RHSA-2023:3276 https://access.redhat.com/errata/RHSA-2023:3276