CVE-2021-23239

CWE-59 | CWE-367 | CWE-203 | 9 documents | 8 sources
Severity
2.5 LOW
EPSS
0.2%
top 64.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 12
Latest update: May 24

Description

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 1.0 | Impact: 1.4

Affected Packages (3 packages)

NVD | sudo_project/sudo | 1.9.0 - 1.9.5 | +1
Debian | sudo | < 1.9.5-1 | +3
Ubuntu | sudo | < 1.8.16-0ubuntu1.10 | +2

Also affects: Debian Linux 10.0, Fedora 32, 33

🔴 Vulnerability Details (4)

GHSA | GHSA-wfrc-r682-56qv: The sudoedit personality of Sudo before 1 | 2022-05-24
OSV | sudo vulnerabilities | 2021-01-26
CVEList | CVE-2021-23239: The sudoedit personality of Sudo before 1 | 2021-01-12
OSV | CVE-2021-23239: The sudoedit personality of Sudo before 1 | 2021-01-12

📋 Vendor Advisories (4)

Ubuntu | Sudo vulnerabilities | 2021-01-26
Microsoft | The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled | 2021-01-12
Red Hat | sudo: possible directory existence test due to race condition in sudoedit | 2021-01-11
Debian | CVE-2021-23239: sudo - The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged use... | 2021