AS-2023-001: Sudo

2023-02-20

Severity

Moderate

Status

Resolved

Statement

A flaw in exists in sudo’s -e option (aka sudoedit) that allows a malicious user with sudoedit privileges to edit arbitrary files. Sudo versions 1.8.0 through 1.9.12p1 inclusive are affected. Versions of sudo prior to 1.8.0 construct the argument vector differently and are not affected.

CVE-2023-22809 affected ASUSTOR products with ADM 4.0 and later.

Sudo package has been updated on ADM 4.2.0.RE71 and ADM 4.0.6.REG2 to fix these potential vulnerabilities.

Affected Products

Product	Severity	Fixed Release Availability
ADM 4.2	Moderate	Upgrade to 4.2.0.RE71 or above.
ADM 4.0	Moderate	Upgrade to 4.0.6.REG2 or above.

Detail

CVE-2023-22809
- Severity: Moderate
- In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1.

Reference

Revision

Revision	Date	Description
1	2023-02-01	Initial public release.
2	2023-02-08	Release ADM 4.2.0.RE71 to update Sudo package for fixing these potential vulnerabilities.
3	2023-02-20	Release ADM 4.0.6.REG2 to update Sudo package for fixing these potential vulnerabilities.

Pessoal to Home

Lar de Power User

Power User to Business

Pequenas e Médias Empresas

Todos os produtos

Acessórios

aplicativos de Desktop

AS-2023-001: Sudo

Moderate

Resolved

Statement

Affected Products

Detail

Reference

Revision

Suporte

ASUSTOR online

Sobre nós

Outros serviços

Pessoal to Home

Lar de Power User

Power User to Business

Pequenas e Médias Empresas

Unidades de expansão

Todos os produtos

Acessórios

Guia NAS Buying

O que é ADM

NAS Apps

Tente agora

Recursos

Formulários

usuários domésticos / Criadores de conteúdo

aplicativos de Desktop

Aplicativos móveis

O que há de novo

O que é Centro de Vigilância

Tente agora

Programa Beta vigilância

Recursos

Suporte

Suporte

Ferramentas

ASUSTOR online

Outro serviço

Segurança

regiões

Outro serviço

Seja nosso parceiro

procurar

AS-2023-001: Sudo

Moderate

Resolved

Statement

Affected Products

Detail

Reference

Revision

Suporte

ASUSTOR online

Sobre nós

Outros serviços