CVE-2023-42456 – sudo-rs Session File Relative Path Traversal vulnerability

https://notcve.org/view.php?id=CVE-2023-42456

21 Sep 2023 — Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to re-authenticate themselves. Supporting this functionality is a set of session files (timestamps) for each user, stored in `/var/run/sudo-rs/ts`. These files are named according to the username from which the sudo attempt... • http://www.openwall.com/lists/oss-security/2023/11/02/1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •