CVE-2023-22809

Published on: Not Yet Published

Last Modified on: 05/23/2023 04:15:00 PM UTC

CVE-2023-22809

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Certain versions of Debian Linux from Debian contain the following vulnerability:

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.

CVE-2023-22809 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.8 - HIGH

Attack Vector ^ⓘ	Attack Complexity	Privileges Required	User Interaction
LOCAL	LOW	LOW	NONE
Scope	Confidentiality Impact	Integrity Impact	Availability Impact
UNCHANGED	HIGH	HIGH	HIGH

CVE References

Description	Tags ^ⓘ	Link
[SECURITY] [DLA 3272-1] sudo security update	lists.debian.org text/html	MLIST [debian-lts-announce] 20230118 [SECURITY] [DLA 3272-1] sudo security update
CVE-2023-22809 Sudo Vulnerability in NetApp Products \| NetApp Product Security	security.netapp.com text/html	CONFIRM security.netapp.com/advisory/ntap-20230127-0015/
Sudoedit can edit arbitrary files \| Sudo	www.sudo.ws text/html	CONFIRM www.sudo.ws/security/advisories/sudoedit_any/
sudo 1.9.12p1 Privilege Escalation ≈ Packet Storm	packetstormsecurity.com text/html	MISC packetstormsecurity.com/files/171644/sudo-1.9.12p1-Privilege-Escalation.html
oss-security - CVE-2023-22809: Sudoedit can edit arbitrary files	www.openwall.com text/html	MLIST [oss-security] 20230119 CVE-2023-22809: Sudoedit can edit arbitrary files
[SECURITY] Fedora 36 Update: sudo-1.9.12-2.p2.fc36 - package-announce - Fedora Mailing-Lists	lists.fedoraproject.org text/html	FEDORA FEDORA-2023-298c136eee
[SECURITY] Fedora 37 Update: sudo-1.9.12-1.p2.fc37 - package-announce - Fedora Mailing-Lists	lists.fedoraproject.org text/html	FEDORA FEDORA-2023-9078f609e6
sudo: Root Privilege Escalation (GLSA 202305-12) — Gentoo security	security.gentoo.org text/html	GENTOO GLSA-202305-12
Sudoedit Extra Arguments Privilege Escalation ≈ Packet Storm	packetstormsecurity.com text/html	MISC packetstormsecurity.com/files/172509/Sudoedit-Extra-Arguments-Privilege-Escalation.html
	www.synacktiv.com application/pdf	MISC www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf
Debian -- Security Information -- DSA-5321-1 sudo	www.debian.org Depreciated Link text/html	DEBIAN DSA-5321

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Related QID Numbers

160406 Oracle Enterprise Linux Security Update for sudo (ELSA-2023-0284)
160407 Oracle Enterprise Linux Security Update for sudo (ELSA-2023-0282)
160409 Oracle Enterprise Linux Security Update for sudo (ELSA-2023-0291)
160480 Oracle Enterprise Linux Security Update for sudo (ELSA-2023-12143)
181480 Debian Security Update for sudo (DLA 3272-1)
181482 Debian Security Update for sudo (DSA 5321-1)
199112 Ubuntu Security Notification for Sudo Vulnerabilities (USN-5811-1)
241081 Red Hat Update for sudo (RHSA-2023:0284)
241082 Red Hat Update for sudo (RHSA-2023:0291)
241083 Red Hat Update for sudo (RHSA-2023:0282)
241086 Red Hat Update for sudo (RHSA-2023:0283)
241088 Red Hat Update for sudo (RHSA-2023:0281)
241102 Red Hat Update for sudo (RHSA-2023:0293)
257216 CentOS Security Update for sudo (CESA-2023:0291)
283623 Fedora Security Update for sudo (FEDORA-2023-9078f609e6)
283684 Fedora Security Update for sudo (FEDORA-2023-298c136eee)
354717 Amazon Linux Security Advisory for sudo : ALAS-2023-1682
354795 Amazon Linux Security Advisory for sudo : ALAS2-2023-1985
355060 Amazon Linux Security Advisory for sudo : AL2012-2023-384
355189 Amazon Linux Security Advisory for sudo : ALAS2023-2023-106
377949 Alibaba Cloud Linux Security Update for sudo (ALINUX2-SA-2023:0004)
377956 Alibaba Cloud Linux Security Update for sudo (ALINUX3-SA-2023:0010)
390274 Oracle VM Server for x86 Security Update for sudo (OVMSA-2023-0003)
502641 Alpine Linux Security Update for sudo
672748 EulerOS Security Update for sudo (EulerOS-SA-2023-1484)
672782 EulerOS Security Update for sudo (EulerOS-SA-2023-1459)
672812 EulerOS Security Update for sudo (EulerOS-SA-2023-1541)
672824 EulerOS Security Update for sudo (EulerOS-SA-2023-1566)
672873 EulerOS Security Update for sudo (EulerOS-SA-2023-1611)
672909 EulerOS Security Update for sudo (EulerOS-SA-2023-1770)
672957 EulerOS Security Update for sudo (EulerOS-SA-2023-1792)
710720 Gentoo Linux sudo Root Privilege Escalation Vulnerability (GLSA 202305-12)
753539 SUSE Enterprise Linux Security Update for sudo (SUSE-SU-2023:0101-1)
753544 SUSE Enterprise Linux Security Update for sudo (SUSE-SU-2023:0115-1)
753545 SUSE Enterprise Linux Security Update for sudo (SUSE-SU-2023:0114-1)
753548 SUSE Enterprise Linux Security Update for sudo (SUSE-SU-2023:0116-1)
753551 SUSE Enterprise Linux Security Update for sudo (SUSE-SU-2023:0117-1)
905272 Common Base Linux Mariner (CBL-Mariner) Security Update for sudo (13022)
905278 Common Base Linux Mariner (CBL-Mariner) Security Update for sudo (13030)
905610 Common Base Linux Mariner (CBL-Mariner) Security Update for sudo (13030-1)
905669 Common Base Linux Mariner (CBL-Mariner) Security Update for sudo (13022-1)
906607 Common Base Linux Mariner (CBL-Mariner) Security Update for sudo (13022-3)
906679 Common Base Linux Mariner (CBL-Mariner) Security Update for sudo (13030-3)
940889 AlmaLinux Security Update for sudo (ALSA-2023:0284)
940892 AlmaLinux Security Update for sudo (ALSA-2023:0282)
960526 Rocky Linux Security Update for sudo (RLSA-2023:0282)
960581 Rocky Linux Security Update for sudo (RLSA-2023:0284)

Exploit/POC from Github

CVE-2023-22809 Linux Sudo

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Debian	Debian Linux	11.0	All	All	All
Operating System	Fedoraproject	Fedora	37	All	All	All
Application	Sudo Project	Sudo	All	All	All	All
Application	Sudo Project	Sudo	1.9.12	-	All	All
Application	Sudo Project	Sudo	1.9.12	p1	All	All

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*:
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*:
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*:
cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*:
cpe:2.3:a:sudo_project:sudo:1.9.12:-:*:*:*:*:*:*:
cpe:2.3:a:sudo_project:sudo:1.9.12:p1:*:*:*:*:*:*:

No vendor comments have been submitted for this CVE

Social Mentions

Source	Title	Posted (UTC)
@Synacktiv	Watchout! CVE-2023-22809 on Sudo was patched today to prevent a privilege escalation on sudoedit. Read the security… twitter.com/i/web/status/1…	2023-01-18 15:28:18
@SudoProject	#Sudo version 1.9.12p2 is now available which includes a fix for CVE-2023-22809, a bug that could allow a user with… twitter.com/i/web/status/1…	2023-01-18 15:54:21
@SudoProject	For more details on CVE-2023-22809, see sudo.ws/security/advis…	2023-01-18 16:00:27
@OpenBSD_ports	[email protected] modified security/sudo: Update to sudo 1.9.12p2, which includes a fix for CVE-2023-22809. Fixes a bug that… twitter.com/i/web/status/1…	2023-01-18 16:25:22
@hdk_2	cve.org/CVERecord?id=C… sudoedit なんてコマンドがあったのか...	2023-01-18 16:27:06
@CVEreport	CVE-2023-22809 : In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the us… twitter.com/i/web/status/1…	2023-01-18 17:05:21
@TH3xACE	#CVE-2023-22809 #SUDO_KILLER A new disclosed vuln in sudo, the flaw in exists in sudo’s -e option (aka sudoedit) t… twitter.com/i/web/status/1…	2023-01-18 17:11:15
@OpenBSD_ports	OPENBSD_7_2 [email protected] modified security/sudo: MFC: Update to sudo 1.9.12p2, which includes a fix for CVE-2023-22809. F… twitter.com/i/web/status/1…	2023-01-18 19:25:23
@OpenBSD_stable	OPENBSD_7_2 [email protected] modified security/sudo: MFC: Update to sudo 1.9.12p2, which includes a fix for CVE-2023-22809. F… twitter.com/i/web/status/1…	2023-01-18 19:25:24
/r/linux	SUDO vulnerability	2023-02-11 07:38:25
/r/cybersecurity	sudo vulnerability exposed	2023-02-11 09:10:03
/r/hacking	sudo vulnerability exposed	2023-02-12 18:48:01
/r/u/ptkrisada	How to bypass sudo — exploit cve-2023–22809 vulnerability	2023-02-22 03:17:19
/r/InfoSecNews	How to bypass sudo — exploit cve-2023–22809 vulnerability	2023-02-26 20:54:09
/r/securityCTF	Sudo vulnerability	2023-02-26 20:53:27
/r/devops	SUDO exploit	2023-03-01 19:55:59
/r/SecOpsDaily	How to bypass sudo — exploit cve-2023–22809 vulnerability	2023-03-11 07:09:24
/r/qnap	QTS 5.0.1.2346 firmware released	2023-03-29 10:39:37
/r/spixnet_gmbh_official	QNAP warns customers to patch Linux Sudo flaw in NAS devices	2023-04-04 08:30:04