CVE-2023-42465 – sudo: Targeted Corruption of Register and Stack Variables
https://notcve.org/view.php?id=CVE-2023-42465
Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit. Sudo anterior a 1.9.15 podría permitir row hammer attacks (para eludir la autenticación o escalar privilegios) porque la lógica de la aplicación a veces se basa en no igualar un valor de error (en lugar de igualar un valor de éxito) y porque los valores no resisten los cambios de un solo bit. A flaw was found in the sudo package. This issue could allow a local authenticated attacker to cause a bit to flip, which enables fault injection and may authenticate as the root user. • https://arxiv.org/abs/2309.02545 https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_15 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R4Q23NHCKCLFIHSNY6KJ27GM7FSCEVXM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6XMRUJCPII4MPWG43HTYR76DGLEYEFZ https://security.gentoo.org/glsa/202401-29 https://security.netapp.com/advisory/ntap-20240208-0002 • CWE-1319: Improper Protection against Electromagnetic Fault Injection (EM-FI) •
CVE-2023-28487 – sudo: Sudo does not escape control characters in sudoreplay output
https://notcve.org/view.php?id=CVE-2023-28487
Sudo before 1.9.13 does not escape control characters in sudoreplay output. A flaw was found in the sudo package, shipped with Red Hat Enterprise Linux 8 and 9, where the "sudoreplay -l' command improperly escapes terminal control characters. As sudo's log messages may contain user-controlled strings, this could allow an attacker to inject terminal control commands, leading to a leak of restricted information. • https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13 https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html https://security.gentoo.org/glsa/202309-12 https://security.netapp.com/advisory/ntap-20230420-0002 https://access.redhat.com/security/cve/CVE-2023-28487 https://bugzilla.redhat.com/show_bug.cgi?id=2179273 • CWE-116: Improper Encoding or Escaping of Output CWE-117: Improper Output Neutralization for Logs •
CVE-2023-28486 – sudo: Sudo does not escape control characters in log messages
https://notcve.org/view.php?id=CVE-2023-28486
Sudo before 1.9.13 does not escape control characters in log messages. A flaw was found in the sudo package, shipped with Red Hat Enterprise Linux 8 and 9, where sudo improperly escapes terminal control characters during logging operations. As sudo's log messages may contain user-controlled strings, this may allow an attacker to inject terminal control commands, leading to a leak of restricted information. • https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13 https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html https://security.gentoo.org/glsa/202309-12 https://security.netapp.com/advisory/ntap-20230420-0002 https://access.redhat.com/security/cve/CVE-2023-28486 https://bugzilla.redhat.com/show_bug.cgi?id=2179272 • CWE-116: Improper Encoding or Escaping of Output CWE-117: Improper Output Neutralization for Logs •
CVE-2023-27320
https://notcve.org/view.php?id=CVE-2023-27320
Sudo before 1.9.13p2 has a double free in the per-command chroot feature. • http://www.openwall.com/lists/oss-security/2023/03/01/8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/332KN4QI6QXB7NI7SWSJ2EQJKWIILFN6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPLXMRAMXC3BYL4DNKVTK3V6JDMUXZ7B https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6VW24YGXJYI4NZ5HZPQCF4MCE7766AU https://security.gentoo.org/glsa/202309-12 https://security.netapp.com/advisory/ntap-20230413-0009 https: • CWE-415: Double Free •
CVE-2023-22809 – sudo 1.8.0 to 1.9.12p1 - Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-22809
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value. En Sudo anterior a 1.9.12p2, la función sudoedit (también conocida como -e) maneja mal argumentos adicionales pasados en las variables de entorno proporcionadas por el usuario (SUDO_EDITOR, VISUAL y EDITOR), permitiendo a un atacante local agregar entradas arbitrarias a la lista de archivos para procesar. . • https://www.exploit-db.com/exploits/51217 https://github.com/n3m1sys/CVE-2023-22809-sudoedit-privesc https://github.com/Chan9Yan9/CVE-2023-22809 https://github.com/Toothless5143/CVE-2023-22809 https://github.com/3yujw7njai/CVE-2023-22809-sudo-POC https://github.com/pashayogi/CVE-2023-22809 https://github.com/M4fiaB0y/CVE-2023-22809 https://github.com/asepsaepdin/CVE-2023-22809 https://github.com/AntiVlad/CVE-2023-22809 http://packetstormsecurity.com/files/171644/sudo-1.9.12p • CWE-269: Improper Privilege Management •