Lucene search
F5F5:K000132667HistoryFeb 20, 2023 - 12:00 a.m.
K000132667 : Sudo vulnerability CVE-2023-22809
2023-02-2000:00:00
my.f5.com
12
sudo
vulnerability
cve-2023-22809
mishandles
user-provided
environment variables
privilege escalation
affected versions
protection mechanism
f5 products
Security Advisory Description
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a “–” argument that defeats a protection mechanism, e.g., an EDITOR=‘vim – /path/to/extra/file’ value. (CVE-2023-22809)
Impact
There is no impact; F5 products are not affected by this vulnerability.
Related
nessus
nessus
AlmaLinux 9 : sudo (ALSA-2023:0282)
2023-01-25 00:00:00
CentOS 7 : sudo (RHSA-2023:0291)
2023-01-30 00:00:00
Amazon Linux AMI : (ALAS-2023-1682)
2023-02-06 00:00:00
amazon
amazon
Important: sudo
2023-03-02 22:36:00
Important: sudo
2023-01-31 20:44:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2075
2023-01-31 12:50:07
Advisory ROSA-SA-2024-2396
2024-04-11 07:39:43
githubexploit
githubexploit
Exploit for Improper Privilege Management in Sudo Project Sudo
2023-06-20 00:38:08
Exploit for Improper Privilege Management in Sudo Project Sudo
2023-08-06 06:46:40
Exploit for Improper Privilege Management in Sudo Project Sudo
2023-06-08 18:39:44
cbl_mariner
cbl_mariner
CVE-2023-22809 affecting package sudo for versions less than 1.9.12p2-1
2023-02-24 01:54:46
CVE-2023-22809 affecting package sudo 1.9.12p1-1
2023-03-02 04:18:33
osv
osv
sudo vulnerability
2023-01-30 13:51:21
Important: sudo security update
2023-01-23 08:22:52
Important: sudo security update
2023-01-23 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2023-1484)
2023-03-09 00:00:00
Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2023-1541)
2023-03-20 00:00:00
Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2023-1459)
2023-03-09 00:00:00
almalinux
almalinux
Important: sudo security update
2023-01-23 00:00:00
Important: sudo security update
2023-01-23 00:00:00
redhat
redhat
(RHSA-2023:0282) Important: sudo security update
2023-01-23 08:22:52
(RHSA-2023:0281) Important: sudo security update
2023-01-23 08:22:49
(RHSA-2023:0283) Important: sudo security update
2023-01-23 08:22:53
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2023-06-02 16:20:56
cve
cve
CVE-2023-22809
2023-01-18 17:15:10
mageia
mageia
Updated sudo packages fix security vulnerability
2023-01-24 10:58:25
gentoo
gentoo
sudo: Root Privilege Escalation
2023-05-03 00:00:00
redos
redos
ROS-20230124-01
2023-01-24 00:00:00
rocky
rocky
sudo security update
2023-01-23 08:22:52
sudo security update
2023-01-23 08:23:15
debiancve
debiancve
CVE-2023-22809
2023-01-18 17:15:10
prion
prion
Design/Logic Flaw
2023-01-18 17:15:00
oraclelinux
oraclelinux
sudo security update
2023-01-23 00:00:00
sudo security update
2023-02-28 00:00:00
sudo security update
2023-01-24 00:00:00
zdt
zdt
sudo 1.8.0 to 1.9.12p1 - Privilege Escalation Exploit
2023-04-03 00:00:00
Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification Vulnerability
2023-08-20 00:00:00
Sudoedit Extra Arguments Privilege Escalation Exploit
2023-05-23 00:00:00
paloalto
paloalto
Impact of Sudo Vulnerability CVE-2023-22809
2023-02-08 17:00:00
cloudlinux
cloudlinux
sudo: Fix of CVE-2023-22809
2023-02-09 23:32:51
ubuntucve
ubuntucve
CVE-2023-22809
2023-01-18 00:00:00
ubuntu
ubuntu
Sudo vulnerability
2023-01-18 00:00:00
Sudo vulnerability
2023-01-30 00:00:00
Sudo vulnerabilities
2023-01-18 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: sudo-1.9.12-2.p2.fc36
2023-02-05 01:54:10
[SECURITY] Fedora 37 Update: sudo-1.9.12-1.p2.fc37
2023-01-22 01:52:00
debian
debian
[SECURITY] [DLA 3272-1] sudo security update
2023-01-18 15:43:20
[SECURITY] [DSA 5321-1] sudo security update
2023-01-18 15:39:21
nvd
nvd
CVE-2023-22809
2023-01-18 17:15:10
cvelist
cvelist
CVE-2023-22809
2023-01-18 00:00:00
centos
centos
sudo security update
2023-01-30 16:44:19
packetstorm
packetstorm
Sudoedit Extra Arguments Privilege Escalation
2023-05-23 00:00:00
Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification
2023-08-18 00:00:00
sudo 1.9.12p1 Privilege Escalation
2023-04-03 00:00:00
metasploit
metasploit
Sudoedit Extra Arguments Priv Esc
2023-04-25 08:37:33
korelogic
korelogic
redhatcve
redhatcve
CVE-2023-22809
2023-01-18 16:36:30
alpinelinux
alpinelinux
CVE-2023-22809
2023-01-18 17:15:10
veracode
veracode
Privilege Escalation
2023-01-20 21:08:45
exploitdb
exploitdb
sudo 1.8.0 to 1.9.12p1 - Privilege Escalation
2023-04-03 00:00:00
cloudfoundry
cloudfoundry
USN-5811-1: Sudo vulnerabilities | Cloud Foundry
2023-02-24 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2023-0316
2023-01-18 00:00:00
Critical Photon OS Security Update - PHSA-2023-4.0-0316
2023-01-18 00:00:00
Important Photon OS Security Update - PHSA-2023-0518
2023-01-19 00:00:00
ibm
ibm
mssecure
mssecure
Uncursing the ncurses: Memory corruption vulnerabilities found in library
2023-09-14 11:30:00
mmpc
mmpc
Uncursing the ncurses: Memory corruption vulnerabilities found in library
2023-09-14 11:30:00
apple
apple
About the security content of macOS Ventura 13.4
2023-05-18 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00