CVE-2021-23239
published 2021-01-12CVE-2021-23239: The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race…
low2.5CVSS 3.1
AVLACHPRLUINSUCLINAN
The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | sudo | < sudo 1.9.5-1 (bookworm) | sudo 1.9.5-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| msrc | sudo-1.9.5p2-2.cm1.aarch64.rpm_on_cbl_mariner_1.0_arm | — | — |
| msrc | sudo-1.9.5p2-2.cm1.x86_64.rpm_on_cbl_mariner_1.0_x64 | — | — |
| msrc | sudo-debuginfo-1.9.5p2-2.cm1.aarch64.rpm_on_cbl_mariner_1.0_arm | — | — |
| msrc | sudo-debuginfo-1.9.5p2-2.cm1.x86_64.rpm_on_cbl_mariner_1.0_x64 | — | — |
| sudo_project | sudo | < 1.8.32 | 1.8.32 |
| sudo_project | sudo | >= 0 < 1.9.5-1 | 1.9.5-1 |
| sudo_project | sudo | >= 0 < 1.9.5-1 | 1.9.5-1 |
| sudo_project | sudo | >= 0 < 1.9.5-1 | 1.9.5-1 |
| sudo_project | sudo | >= 0 < 1.9.5-1 | 1.9.5-1 |
| sudo_project | sudo | >= 0 < 1.8.16-0ubuntu1.10 | 1.8.16-0ubuntu1.10 |
| sudo_project | sudo | >= 0 < 1.8.21p2-3ubuntu1.4 | 1.8.21p2-3ubuntu1.4 |
| sudo_project | sudo | >= 0 < 1.8.31-1ubuntu1.2 | 1.8.31-1ubuntu1.2 |
| sudo_project | sudo | >= 1.9.0 < 1.9.5 | 1.9.5 |
CVSS provenance
nvdv3.12.5LOWCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
osv2.5LOW