Local Privilege Escalation Vulnerability in Sudo Product by Sudo
CVE-2021-23239

2.5LOW

Key Information:

Vendor: Sudo Project
Status: Sudo
Vendor: CVE Published:; 12 January 2021

Summary

The sudoedit feature in Sudo versions before 1.9.5 contains a vulnerability that may allow unprivileged users to conduct arbitrary directory-existence checks. This can be exploited through a race condition in the sudo_edit.c file, where an attacker can replace a user-controlled directory with a symlink targeting an arbitrary location, potentially leading to unauthorized file access and privilege escalation.

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2021-23239

https://www.sudo.ws/stable.html#1.9.5

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

CVSS V3.1

Score:

2.5

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 12, 2021
Vulnerability Reserved
Jan 7, 2021