4723 matches found
USN-5811-2: Sudo vulnerability
USN-5811-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly handled user-specified editors when using the sudoedit command. A local attacker that has...
USN-5811-1: Sudo vulnerabilities
Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly handled user-specified editors when using the sudoedit command. A local attacker that has permission to use the sudoedit command could possibly use this issue to edit arbitrary files. CVE-2023-22809 It was discovered that the...
CVE-2023-22809
In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user-provided environment variables SUDO_EDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected...
CVE-2023-22809
In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user-provided environment variables SUDO_EDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected...
AZL-13030 CVE-2023-22809 affecting package sudo for versions less than 1.9.12p2-1
In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user-provided environment variables SUDO_EDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected...
Design/Logic Flaw
In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user-provided environment variables SUDO_EDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected...
CVE-2023-22809
A vulnerability was found in sudo. Exposure in how sudoedit handles user-provided environment variables leads to arbitrary file writing with privileges of the RunAs user, usually root. The prerequisite for exploitation is that the current user must be authorized by the sudoers policy to edit a fil...
[SECURITY] [DSA 5321-1] sudo security update
Debian Security Advisory DSA-5321-1 https://www.debian.org/security/ Salvatore Bonaccorso January 18, 2023 https://www.debian.org/security/faq -...
CVE-2023-22809
In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user-provided environment variables SUDO_EDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected...
Critical Photon OS Security Update - PHSA-2023-0316
Updates of 'openvswitch', 'sudo' packages of Photon OS have been released...
CVE-2023-22809
In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user-provided environment variables SUDO_EDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected...
CVE-2023-22809
In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user-provided environment variables SUDO_EDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected...
CVE-2023-22809
In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user-provided environment variables SUDO_EDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected...
CVE-2023-22809
CVE-2023-22809 affects sudo prior to 1.9.12p2, where the sudoedit (-e) feature mishandles extra arguments passed via environment variables SUDO_EDITOR, VISUAL, and EDITOR. This allows a local attacker to append arbitrary entries to the list of files to process, enabling privilege escalation. The ...
DLA-3272-1 sudo - security update
Bulletin has no description...
DSA-5321-1 sudo - security update
Bulletin has no description...
Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current sudo Vulnerability (SSA:2023-018-01)
The version of git installed on the remote host is prior to 2.30.7 / 2.35.6 / 2.39.1. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-018-01 advisory. - In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user-provide...
PT-2023-3592 · Sudo +10
Name of the Vulnerable Software and Affected Versions: Sudo versions prior to 1.9.13 Description: The issue is related to a lack of proper encoding or escaping of output in the Sudo program, specifically in the sudoreplay output. This allows an attacker to potentially gain access to confidential...
PT-2023-3591
Name of the Vulnerable Software and Affected Versions: Sudo versions prior to 1.9.13 Description: The issue is related to a lack of proper encoding or escaping of output in the Sudo program, which can be exploited by a remote attacker to gain access to confidential data. The problem specifically...
PT-2023-1077 · Sudo +11
Name of the Vulnerable Software and Affected Versions: Sudo versions 1.8.0 through 1.9.12p1 Description: The issue is related to the sudoedit feature in Sudo, which mishandles extra arguments passed in user-provided environment variables, such as SUDO_EDITOR, VISUAL, and EDITOR. This allows a loc...