PT-2023-1077 · Sudo+11
Matthieu Barjole
+1
·
Published
2023-01-18
·
Updated
2025-09-29
·
CVE-2023-22809
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Sudo versions 1.8.0 through 1.9.12p1
Description
The flaw is in Sudo's sudoedit feature (also reachable as sudo -e), which lets a user edit a privileged file with their own editor while Sudo performs the copy-in and the privileged copy-back. sudoedit takes the editor command from the user-controlled environment variables SUDO_EDITOR, VISUAL and EDITOR, splits that string into arguments, and passes them on together with the list of temporary files to edit, using a "--" argument to mark where the editor arguments end and the file list begins. Because the user-supplied editor string is not checked for a "--" of its own, a value such as 'vim -- /path/to/extra/file' moves that boundary: /path/to/extra/file is treated as one of the files being edited, and its contents are written back with the privileges of the target user (normally root) when the editor exits. A local user with any sudoedit rule can therefore add arbitrary entries to the list of files sudoedit processes, which is sufficient for privilege escalation. Sudo 1.8.0 through 1.9.12p1 are affected.
Recommendations
Upgrade to Sudo 1.9.12p2 or later; 1.9.12p2 is the release that contains the fix, so a version "newer than 1.9.12p2" is not required. Distributions often backport the fix without changing the upstream version string, so on packaged systems check the vendor advisory for the installed package rather than relying on the version reported by sudo -V alone. Until the update is applied, stop sudoedit from honouring a user-chosen editor: remove SUDO_EDITOR, VISUAL and EDITOR from the environment for sudoedit in sudoers (the env_delete option) so that only the administrator-configured editor is used, or restrict which users may run sudoedit at all. Asking users not to put "--" in their EDITOR value is not a mitigation, since the variable is set by the very user the protection is meant to constrain.
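To make the "--" boundary problem from the Description concrete, the script below is an added model written for this page, not Sudo's source code. It builds the argument vector that, in this simplified picture, the sudoers plugin hands back to the front end, then shows the vulnerable reading (files begin after the first "--") beside the fixed reading (the caller already knows how many temporary copies it made, so it takes exactly that many from the end). The function names, the vector layout and the sample paths are assumptions.

```shell
#!/bin/sh
# Added illustration of CVE-2023-22809: a simplified model, not Sudo's code.
# Assumed vector layout: <editor words...> -- <temporary copies of the files...>

# Build the vector as newline-separated arguments.  The editor string is taken
# verbatim from SUDO_EDITOR/VISUAL/EDITOR and word-split, which is exactly the
# point at which a user can smuggle in an extra "--".
build_editor_argv() {
    editor_string=$1; shift
    ( set -f                          # no globbing while splitting the string
      for word in $editor_string; do printf '%s\n' "$word"; done )
    printf '%s\n' '--'
    for tmpfile in "$@"; do printf '%s\n' "$tmpfile"; done
}

# Vulnerable reading of the vector: every argument after the FIRST "--" is a
# file whose temporary copy gets written back with target-user privileges.
files_after_first_dashdash() {
    in_files=0
    while IFS= read -r arg; do
        if [ "$in_files" -eq 0 ]; then
            if [ "x$arg" = "x--" ]; then in_files=1; fi
            continue
        fi
        printf '%s\n' "$arg"
    done
}

# vulnerable_files EDITOR_STRING TMPFILE...  ->  paths the vulnerable parser
# would write back, one per line (the smuggled "--" itself shows up too).
vulnerable_files() {
    editor=$1; shift
    build_editor_argv "$editor" "$@" | files_after_first_dashdash
}

# fixed_files EDITOR_STRING TMPFILE...  ->  the fixed reading: sudoedit made
# exactly $# temporary copies, so only the last $# arguments are files, no
# matter where the user placed a "--".
fixed_files() {
    editor=$1; shift
    build_editor_argv "$editor" "$@" | tail -n "$#"
}

# Stand-alone demonstration using the EDITOR value quoted in the Description
# and a constructed temporary path.
EDITOR_VALUE='vim -- /path/to/extra/file'
TMP=/var/tmp/sudoedit.XXXX/motd
echo "vulnerable parser writes back:"; vulnerable_files "$EDITOR_VALUE" "$TMP"
echo "fixed parser writes back:";      fixed_files "$EDITOR_VALUE" "$TMP"
```

Run it with any editor string to see which paths each reading would hand to the privileged copy-back; the attacker-supplied path only survives under the first-"--" scan.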
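For the Recommendations, the script below is an added example, not code from the advisory or the Sudo project: it parses the first line of sudo -V, decides whether the version falls inside the affected range 1.8.0 through 1.9.12p1, and installs the sudoers workaround as a drop-in file only after visudo -c accepts it. The drop-in path and all function names are assumptions, and the range check is only a hint on distributions that backport fixes without bumping the version string.

```shell
#!/bin/sh
# Added example for CVE-2023-22809: affected-range check plus sudoers workaround.
# Not Sudo project code; function names and the drop-in path
# (/etc/sudoers.d/cve-2023-22809) are assumptions.

# version_key "1.9.12p1" -> "1 9 12 1".  A release with no pN suffix is p0,
# so 1.9.12 sorts before 1.9.12p1; "1.9" is treated as 1.9.0.
version_key() {
    base=${1%%p*}
    plevel=0
    case $1 in *p*) plevel=${1##*p} ;; esac
    major=${base%%.*}
    case $base in *.*) rest=${base#*.} ;; *) rest=0 ;; esac
    minor=${rest%%.*}
    patch=${rest#*.}
    if [ "$patch" = "$rest" ]; then patch=0; fi
    printf '%d %d %d %d\n' "$major" "$minor" "$patch" "$plevel"
}

# version_cmp A B -> prints -1, 0 or 1 (A sorts before, equal to, after B).
version_cmp() {
    set -- $(version_key "$1") $(version_key "$2")
    while [ $# -gt 4 ]; do              # compare field i of A ($1) with field i of B ($5)
        if [ "$1" -lt "$5" ]; then printf '%s\n' -1; return; fi
        if [ "$1" -gt "$5" ]; then printf '%s\n' 1; return; fi
        shift
    done
    printf '%s\n' 0
}

# sudo_affected VERSION -> true if 1.8.0 <= VERSION <= 1.9.12p1.
sudo_affected() {
    if [ "$(version_cmp "$1" 1.8.0)" -ge 0 ] && [ "$(version_cmp "$1" 1.9.12p1)" -le 0 ]; then
        return 0
    fi
    return 1
}

# sudo_version_from_output "$(sudo -V)" -> bare version string from line 1
# ("Sudo version 1.9.12p1").  Taking text as an argument keeps it testable.
sudo_version_from_output() {
    printf '%s\n' "$1" | sed -n '1s/^Sudo version \([0-9][0-9.]*p\{0,1\}[0-9]*\).*/\1/p'
}

# The sudoers workaround: strip the editor-selecting variables for sudoedit so
# only the administrator-configured editor is used.
sudoers_workaround() {
    printf '%s\n' 'Cmnd_Alias SUDOEDIT = sudoedit' \
                  'Defaults!SUDOEDIT env_delete+="SUDO_EDITOR VISUAL EDITOR"'
}

# install_workaround [PATH]: write the drop-in only if visudo accepts it, so a
# typo cannot break sudo for everyone.  Needs root.
install_workaround() {
    dest=${1:-/etc/sudoers.d/cve-2023-22809}
    tmp=$(mktemp) || return 1
    sudoers_workaround > "$tmp"
    if visudo -cf "$tmp" >/dev/null 2>&1 && install -m 0440 "$tmp" "$dest"; then
        rc=0
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Stand-alone use: report whether the installed sudo is in the affected range
# and, if so, print the suggested drop-in (install_workaround applies it).
if command -v sudo >/dev/null 2>&1; then
    v=$(sudo_version_from_output "$(sudo -V 2>/dev/null)")
    if [ -n "$v" ] && sudo_affected "$v"; then
        echo "sudo $v is in the affected range; suggested /etc/sudoers.d drop-in:"
        sudoers_workaround
    else
        echo "sudo ${v:-version unknown}: not in 1.8.0..1.9.12p1 (still check vendor backports)"
    fi
fi
```

After installing the drop-in, confirm it took effect by running sudoedit on a permitted file with EDITOR set to a custom value: the administrator-configured editor should open, not the one from the environment.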
Weakness Types
Protection Mechanism Failure (CWE-693)
Improper Privilege Management (CWE-269)
Affected Products
ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Apple macOS
Red Hat
RED OS
Rocky Linux
Sudo
SUSE
Ubuntu