Oval Definition: oval:org.opensuse.security:def:202322809
Revision Date: 2023-06-22
Version: 1
Title: CVE-2023-22809
Description:

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
Family: unix
Class: vulnerability
Status:
Reference(s): Mitre CVE-2023-22809
SUSE CVE-2023-22809
SUSE-CU-2023:191-1
SUSE-CU-2023:193-1
SUSE-CU-2023:194-1
SUSE-CU-2023:195-1
SUSE-IU-2023:139-1
SUSE-IU-2023:141-1
SUSE-IU-2023:142-1
SUSE-SU-2023:0100-1
SUSE-SU-2023:0101-1
SUSE-SU-2023:0114-1
SUSE-SU-2023:0115-1
SUSE-SU-2023:0116-1
SUSE-SU-2023:0117-1
SUSE-CU-2023:496-1
SUSE-CU-2023:500-1
SUSE-CU-2023:511-1
SUSE-IU-2023:158-1
SUSE-IU-2023:159-1
SUSE-IU-2023:164-1
Platform(s): SUSE Linux Enterprise Desktop 15 SP5
SUSE Linux Enterprise High Performance Computing 15 SP5
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Module for Basesystem 15 SP5
SUSE Linux Enterprise Server 15 SP5
SUSE Linux Enterprise Server for SAP Applications 15 SP5
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Micro 5.3 is installed
  • AND sudo-1.9.9-150400.4.12.1 is installed
Definition Synopsis
  • Release Information
    • SUSE Linux Enterprise Desktop 15 SP5 is installed
    • OR SUSE Linux Enterprise High Performance Computing 15 SP5 is installed
    • OR SUSE Linux Enterprise Module for Basesystem 15 SP5 is installed
    • OR SUSE Linux Enterprise Server 15 SP5 is installed
    • OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed
  • AND Package Information
    • sudo-1.9.12p1-150500.5.1 is installed
    • OR sudo-devel-1.9.12p1-150500.5.1 is installed
    • OR sudo-plugin-python-1.9.12p1-150500.5.1 is installed