4723 matches found

Palo Alto Networks
added 2023/02/08 5:00 p.m. | 176 views

Impact of Sudo Vulnerability CVE-2023-22809

The Palo Alto Networks Product Security Assurance team has evaluated the sudo software vulnerability CVE-2023-22809 and has determined that the following Palo Alto Networks products do not expose the sudo program and, therefore, do not offer any scenarios required for successful exploitation of...

CVSS 7.8 | AI score 7.8 | EPSS 0.55367
Exploits: 20 | References: 2
Tenable Nessus
added 2023/02/08 12:00 a.m. | 32 views

EulerOS 2.0 SP8 : sudo (EulerOS-SA-2023-1337)

According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a...

CVSS 7.1 | AI score 7.6 | EPSS 0.00271
Exploits: 0 | References: 2
Tenable Nessus
added 2023/02/06 12:00 a.m. | 35 views

Amazon Linux AMI : sudo, sudo-devel (ALAS-2023-1682)

It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1682 advisory. In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR, allowing a local attacker to append...

CVSS 7.8 | AI score 8.2 | EPSS 0.55367
Exploits: 20 | References: 3
Fedora
added 2023/02/05 1:54 a.m. | 56 views

[SECURITY] Fedora 36 Update: sudo-1.9.12-2.p2.fc36

Sudo (superuser do) allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...

CVSS 7.8 | AI score 8 | EPSS 0.55367
Exploits: 20
OpenVAS
added 2023/02/05 12:00 a.m. | 9 views

Fedora: Security Advisory for sudo (FEDORA-2023-298c136eee)

The remote host is missing an update for the Copyright (C) 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.8 | AI score 8.1 | EPSS 0.55367
Exploits: 20 | References: 2
Amazon
added 2023/02/04 12:00 a.m. | 94 views

Important: sudo

Issue Overview: In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege...

CVSS 7.8 | AI score 8.8 | EPSS 0.55367
Exploits: 20
Tenable Nessus
added 2023/02/04 12:00 a.m. | 21 views

Fedora 36 : sudo (2023-298c136eee)

The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-298c136eee advisory. Rebase to sudo 1.9.12p2 - security fix for CVE-2023-22809 Tenable has extracted the preceding description block directly from the Fedora security advisory...

CVSS 7.8 | AI score 8 | EPSS 0.55367
Exploits: 20 | References: 2
OSV
added 2023/02/03 11:04 a.m. | 2 views

OESA-2023-1049 sudo security update

Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. Security Fixes: In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandl...

CVSS 7.8 | AI score 9.2 | EPSS 0.55367
Exploits: 20 | References: 2
F5 Networks
added 2023/01/31 6:56 p.m. | 109 views

K86488846: Sudo vulnerability CVE-2021-3156

Security Advisory Description Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. CVE-2021-3156 Impact A local attacker can exploit the vulnerability to escalate thei...

CVSS 7.8 | AI score 7.9 | EPSS 0.99305
Exploits: 81 | Affected Software: 1
Rosalinux
added 2023/01/31 12:50 p.m. | 42 views

Advisory ROSA-SA-2023-2075

Software: sudo 1.8.23 OS: rosa-server79 packageevrstring: sudo-1.8.23-11 CVE-ID: CVE-2023-22809 BDU-ID: 2023-00210 CVE-Crit: HIGH CVE-DESC: A vulnerability in the sudoedit function of the Sudo system administration program is related to errors in the handling of additional arguments in environmen...

CVSS 7.8 | AI score 7.8 | EPSS 0.55367
Exploits: 20
OpenVAS
added 2023/01/31 12:00 a.m. | 41 views

CentOS: Security Advisory for sudo (CESA-2023:0291)

The remote host is missing an update for the Copyright (C) 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.8 | AI score 8.1 | EPSS 0.55367
Exploits: 20 | References: 2
OpenVAS
added 2023/01/31 12:00 a.m. | 26 views

Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2023-1296)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 6 | EPSS 0.01066
Exploits: 2 | References: 2
OpenVAS
added 2023/01/31 12:00 a.m. | 17 views

Ubuntu: Security Advisory (USN-5811-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 8.1 | EPSS 0.55367
Exploits: 20 | References: 2
Cent OS
added 2023/01/30 4:44 p.m. | 702 views

sudo security update

CentOS Errata and Security Advisory CESA-2023:0291 An update for sudo is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS 7.8 | AI score 7.3 | EPSS 0.55367
Exploits: 20 | References: 7
Ubuntu
added 2023/01/30 1:51 p.m. | 78 views

USN-5811-3: Sudo vulnerability

USN-5811-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly handled user-specified editors when using the sudoedit command. A local attacker that has...

CVSS 7.8 | AI score 8.1 | EPSS 0.55367
Exploits: 20
Tenable Nessus
added 2023/01/30 12:00 a.m. | 38 views

EulerOS Virtualization 3.0.2.2 : sudo (EulerOS-SA-2023-1296)

According to the versions of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by...

CVSS 7.8 | AI score 6.6 | EPSS 0.01066
Exploits: 2 | References: 3
Tenable Nessus
added 2023/01/30 12:00 a.m. | 390 views

CentOS 7 : sudo (RHSA-2023:0291)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0291 advisory. - In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and...

CVSS 7.8 | AI score 8.2 | EPSS 0.55367
Exploits: 20 | References: 2
Veracode
added 2023/01/25 8:13 p.m. | 23 views

Heap-Based Buffer Over-Read

sudo is vulnerable to Heap-Based Buffer Over-Read. The vulnerability exists in crypt password backend, which contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that may result in a heap-based buffer over-read, that can be triggered by arbitrary local users with access to Sudo by...

CVSS 7.1 | AI score 7.1 | EPSS 0.00271
Exploits: 0 | References: 7 | Affected Software: 1
Tenable Nessus
added 2023/01/25 12:00 a.m. | 34 views

AlmaLinux 9 : sudo (ALSA-2023:0282)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:0282 advisory. - In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR...

CVSS 7.8 | AI score 8.2 | EPSS 0.55367
Exploits: 20 | References: 2
OSV
added 2023/01/24 7:58 a.m. | 6 views

MGASA-2023-0025 Updated sudo packages fix security vulnerability

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected...

CVSS 7.8 | AI score 7.6 | EPSS 0.55367
Exploits: 20 | References: 6