CVE-2023-22809: In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value. Please bump to 1.9.12p2.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9221536c0eb35c149399339abe2edcca58c2b091 commit 9221536c0eb35c149399339abe2edcca58c2b091 Author: Sam James <sam@gentoo.org> AuthorDate: 2023-01-18 21:51:42 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-01-18 21:51:42 +0000 app-admin/sudo: add 1.9.12_p2 Bug: https://bugs.gentoo.org/891335 Signed-off-by: Sam James <sam@gentoo.org> app-admin/sudo/Manifest | 2 + app-admin/sudo/sudo-1.9.12_p2.ebuild | 286 +++++++++++++++++++++++++++++++++++ 2 files changed, 288 insertions(+)
GLSA request filed
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=81c8110bb9b2773a088b16cce1850f93198cb68f commit 81c8110bb9b2773a088b16cce1850f93198cb68f Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2023-05-03 09:53:34 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-05-03 09:54:23 +0000 [ GLSA 202305-12 ] sudo: Root Privilege Escalation Bug: https://bugs.gentoo.org/891335 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Sam James <sam@gentoo.org> glsa-202305-12.xml | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+)