Victor Cutillas

Pesquisador deSynacktiv
#14674de 53,638
18.4CVSS total
Vulnerabilidades · 3
Média
2
Alta
1
PT-2023-1077
7.8
2023-01-18
Sudo · Sudo · CVE-2023-22809
**Name of the Vulnerable Software and Affected Versions** Sudo versions 1.8.0 through 1.9.12p1 **Description** The issue is related to the sudoedit feature in Sudo, which mishandles extra arguments passed in user-provided environment variables, such as `SUDO EDITOR`, `VISUAL`, and `EDITOR`. This allows a local attacker to append arbitrary entries to the list of files to process, leading to privilege escalation. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism. For example, an `EDITOR` value like `'vim -- /path/to/extra/file'` can be used to exploit this issue. **Recommendations** For versions 1.8.0 through 1.9.12p1, update to a version newer than 1.9.12p2 to resolve the issue. As a temporary workaround, consider restricting the use of the `sudoedit` feature or limiting the environment variables that can be used with it. Additionally, avoid using the `EDITOR` variable with arguments that could defeat the protection mechanism, such as those containing "--".
PT-2023-3591
5.3
2023-01-18
Sudo · Sudo · CVE-2023-28486
**Name of the Vulnerable Software and Affected Versions** Sudo versions prior to 1.9.13 **Description** The issue is related to a lack of proper encoding or escaping of output in the Sudo program, which can be exploited by a remote attacker to gain access to confidential data. The problem specifically involves Sudo not escaping control characters in log messages. **Recommendations** For versions prior to 1.9.13, update to version 1.9.13 or later to resolve the issue. As a temporary workaround, consider restricting access to log messages to minimize the risk of exploitation.
PT-2023-3592
5.3
2023-01-18
Sudo · Sudo · CVE-2023-28487
**Name of the Vulnerable Software and Affected Versions** Sudo versions prior to 1.9.13 **Description** The issue is related to a lack of proper encoding or escaping of output in the Sudo program, specifically in the sudoreplay output. This allows an attacker to potentially gain access to confidential data. The issue is associated with the inability of Sudo to escape control characters in the output. **Recommendations** For versions prior to 1.9.13, update to version 1.9.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the sudoreplay output until a patch is applied.