CVE-2021-23240

Published: 12/01/2021 Updated: 07/11/2023
CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 392
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

selinux_edit_copy_tfiles in sudoedit in Sudo prior to 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable.

Vulnerable Product

sudo project sudo

netapp solidfire -

netapp hci management node -

fedoraproject fedora 32

fedoraproject fedora 33

Vendor Advisories

A security issue was found in sudo before version 1.9.5. On a system with SELinux in permissive mode, an attacker could use sudoedit to change the ownership of arbitrary files by replacing a temporary file owned by an unprivileged user with a symlink to another file ...