Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv3

CVE-2023-22809

Published: 18/01/2023 Updated: 05/02/2023
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
Subscribe to Sudo

Vulnerability Summary

In Sudo prior to 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local malicious user to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 up to and including 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

sudo project sudo 1.9.12

sudo project sudo

debian debian linux 10.0

debian debian linux 11.0

fedoraproject fedora 37

Vendor Advisories

Ubuntu Security Notice: USN-5811-2: Sudo vulnerability
Sudo could be made to possibly edit arbitrary files if it received a specially crafted input ...
Ubuntu Security Notice: USN-5811-1: Sudo vulnerabilities
Several security issues were fixed in Sudo ...
Red Hat: Important: sudo security update
Synopsis Important: sudo security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for sudo is now available for Red Hat Enterprise Linux 82 Advanced Update Support, Red Hat Enterprise Linux 82 Telecommu ...
Red Hat: Important: sudo security update
Synopsis Important: sudo security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for sudo is now available for Red Hat Enterprise Linux 84 Extended Update SupportRed Hat Product Security has rated this ...
Red Hat: Important: sudo security update
Synopsis Important: sudo security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for sudo is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a securi ...
Debian Security Advisories: DSA-5321-1 sudo -- security update
Matthieu Barjole and Victor Cutillas discovered that sudoedit in sudo, a program designed to provide limited super user privileges to specific users, does not properly handle '--' to separate the editor and arguments from files to edit A local user permitted to edit certain files can take advantage of this flaw to edit a file not permitted by the ...
Red Hat: Important: Red Hat Virtualization Host 4.4.z SP 1 security update batch#4 (oVirt-4.5.3-4)
Synopsis Important: Red Hat Virtualization Host 44z SP 1 security update batch#4 (oVirt-453-4) Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for redhat-release-virtualization-host and redhat-virtualization ...
Amazon Linux AMI: ALAS-2023-1682
In Sudo before 1912p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process This can lead to privilege escalation Affected versions are 180 through 1912p1 The proble ...
Red Hat:
Description<!---->A vulnerability was found in sudo Exposure in how sudoedit handles user-provided environment variables leads to arbitrary file writing with privileges of the RunAs user (usually root) The prerequisite for exploitation is that the current user must be authorized by the sudoers policy to edit a file using sudoeditA vulnerability ...
Amazon Linux 2: ALAS2-2023-1985
In Sudo before 1912p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process This can lead to privilege escalation Affected versions are 180 through 1912p1 The proble ...
Palo Alto Networks Security Advisory: CVE-2023-22809 Impact of Sudo Vulnerability CVE-2023-22809
CVE-2023-22809 Impact of Sudo Vulnerability CVE-2023-22809 ...

Github Repositories

CVE-2023-22809-privilege-escalation Privilege escalation memanfaatkan sudoedit CVE-2023-22809 In Sudo before 1912p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process This can lead to privilege escal

CVE-2023-22809 In Sudo before 1912p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process This can lead to privilege escalation Affected versions are 180 through 1912p1 The problem exists becaus

CVE-2023-22809 Ref: cvemitreorg/cgi-bin/cvenamecgi?name=CVE-2023-22809 Exploit Title: sudo 180 - 1912p1 - Privilege Escalation Exploit Author: n3m1sys CVE: CVE-2023-22809 Date: 2023/01/21 Vendor Homepage: wwwsudows/ Software Link: wwwsudows/dist/sudo-1912p1targz Version: 180 to 1912p1 Tested on: Ubuntu Server 2204 - vim 824919 - su

Rdoedit (RootDO edit) Minimal alternative to sudoedit This project aims to be a minimal alternative to sudoedit Sudoedit by itself is over 700 lines of code by itself, not including all the header files or the fact that it's part of sudo There is no reason why such a simple app should be so bloated of come bundled with bloat like sudo This readme is likely more verbose

Hi there My name is Martín, aka n3m1sys on Internet I'm a cybersecurity consultant and ethical hacker What do I do? I do not program very frequently Sometimes I develop exploit scripts, and simple programs to automate things List of exploits I developed githubcom/n3m1dotsys/CVE-2023-22809-sudoedit-privesc githubcom/n3m1dotsys/CVE-2018-1676

Table of Contents 2023 year top total 30 2022 year top total 30 2021 year top total 30 2020 year top total 30 2019 year top total 30 2018 year top total 30 2017 year top total 30 2016 year top total 30 2015 year top total 30 2014 year top total 30 2023 star updated_at name url des 304 2023-03-18T21:10:14Z Windows_LPE_AFD_CVE-2023-21768 githubcom/chompie1337/Wi

Table of Contents 2023 year top total 30 2022 year top total 30 2021 year top total 30 2020 year top total 30 2019 year top total 30 2018 year top total 30 2017 year top total 30 2016 year top total 30 2015 year top total 30 2014 year top total 30 2023 star updated_at name url des 323 2023-03-23T01:27:35Z Windows_LPE_AFD_CVE-2023-21768 githubcom/chompie1337/Wi

Table of Contents 2023 year top total 30 2022 year top total 30 2021 year top total 30 2020 year top total 30 2019 year top total 30 2018 year top total 30 2017 year top total 30 2016 year top total 30 2015 year top total 30 2014 year top total 30 2013 year top total 30 2012 year top total 30 2011 year top total 30 2010 year top total 30 2009 year top total 30 2008 year top to

References

CWE-269https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdfhttps://www.sudo.ws/security/advisories/sudoedit_any/https://lists.debian.org/debian-lts-announce/2023/01/msg00012.htmlhttps://www.debian.org/security/2023/dsa-5321http://www.openwall.com/lists/oss-security/2023/01/19/1https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2QDGFCGAV5QRJCE6IXRXIS4XJHS57DDH/https://security.netapp.com/advisory/ntap-20230127-0015/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4YNBTTKTRT2ME3NTSXAPTOKYUE47XHZ/https://ubuntu.com/security/notices/USN-5811-2https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-26498open redirectCVE-2023-22261CVE-2023-1410path traversalCVE-2023-28759cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook