In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | sudo | 2023-01-31 20:44 | ALAS-2023-1682 |
Amazon Linux 2 - Core | sudo | 2023-03-02 22:36 | ALAS2-2023-1985 |
Amazon Linux 2023 | sudo | 2023-02-17 20:48 | ALAS2023-2023-106 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 8.1 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
NVD | CVSSv3 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |