Lucene search

K
redhatcveRedhat.comRH:CVE-2021-23240
HistoryJan 11, 2021 - 9:26 p.m.

CVE-2021-23240

2021-01-1121:26:13
redhat.com
access.redhat.com
24
cve-2021-23240
race condition
sudoedit
selinux
rbac
local privilege escalation
file ownership
symbolic link protection
symbolic link
enforcement mode
sesh binary

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

40.7%

A race condition vulnerability was found in the temporary file handling of sudoedit’s SELinux RBAC support. On systems where SELinux is enabled, this flaw allows a malicious user with sudoedit permissions to set the owner of an arbitrary file to the user ID of the target user, potentially leading to local privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Mitigation

  • Enable SELinux in enforcing mode.
  • Enable the symbolic link protection (/proc/sys/fs/protected_symlinks set to 1).
  • Remove the sesh binary (/usr/libexec/sudo/sesh or /usr/lib/sudo/sesh) if SELinux RBAC support is not needed.

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

40.7%