Vulnerability CVE-2021-23240

Vulnerability Name:

CVE-2021-23240 (CCN-194530)

Assigned:

2021-01-11

Published:

2021-01-11

Updated:

2021-09-13

Summary:

selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable.

CVSS v3 Severity:

7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

7.8 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

4.4 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

4.3 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-59
CWE-59

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2021-23240

Source: MISC
Type: Exploit, Issue Tracking, Patch, Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2021-23240

Source: XF
Type: UNKNOWN
sudo-cve202123240-symlink(194530)

Source: MLIST
Type: Mailing List, Third Party Advisory
[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8

Source: MLIST
Type: Mailing List, Third Party Advisory
[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8

Source: FEDORA
Type: Third Party Advisory
FEDORA-2021-324479472c

Source: FEDORA
Type: Third Party Advisory
FEDORA-2021-234d14bfcc

Source: CCN
Type: oss-sec Mailing List, Mon, 11 Jan 2021 15:05:23 +0100
Various security fixes in sudo 1.9.5 (CVE-2021-23239, CVE-2021-23240)

Source: GENTOO
Type: Third Party Advisory
GLSA-202101-33

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20210129-0010/

Source: CCN
Type: IBM Security Bulletin 6520474 (QRadar SIEM)
IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities

Source: CCN
Type: Sudo Web site
Sudo

Source: CONFIRM
Type: Release Notes, Vendor Advisory
https://www.sudo.ws/stable.html#1.9.5

Vulnerable Configuration:

Configuration 1:

cpe:/a:sudo_project:sudo:*:*:*:*:*:*:*:* (Version < 1.8.32)

OR cpe:/a:sudo_project:sudo:*:*:*:*:*:*:*:* (Version >= 1.9.0 and < 1.9.5)

Configuration 2:

cpe:/a:netapp:hci_management_node:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:solidfire:-:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:fedoraproject:fedora:32:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Configuration CCN 1:

cpe:/a:sudo_project:sudo:1.9.4:-:*:*:*:*:*:*

AND

cpe:/a:ibm:qradar_security_information_and_event_manager:7.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4:-:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7812	P	sudo-1.9.12p1-150500.5.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:95312	P	Security update for webkit2gtk3 (Important)	2022-07-22
oval:org.opensuse.security:def:3453	P	clamav-0.101.3-1.19 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3206	P	liblua5_2-32bit-5.2.4-6.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3235	P	libpng16-16-1.6.8-14.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94836	P	sudo-1.9.9-150400.2.5 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94565	P	glibc-2.31-150300.20.7 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:314	P	sudo-1.9.5p2-1.5 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:365	P	sudo-1.9.9-150400.2.5 on GA media (Moderate)	2022-06-10
oval:org.opensuse.security:def:99500	P	(Important)	2022-03-15
oval:org.opensuse.security:def:1243	P	Security update for the Linux Kernel (Important)	2022-03-08
oval:org.opensuse.security:def:102025	P	Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP3) (Important)	2022-03-02
oval:org.opensuse.security:def:113468	P	sudo-1.9.7p2-1.4 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:99699	P	(Important)	2021-12-06
oval:org.opensuse.security:def:100007	P	(Important)	2021-10-26
oval:org.opensuse.security:def:106865	P	sudo-1.9.7p2-1.4 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:93100	P	(Important)	2021-08-12
oval:org.opensuse.security:def:101090	P	sudo-1.9.5p2-1.5 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62332	P	sudo-1.9.5p2-1.5 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:72073	P	sudo-1.9.5p2-1.5 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101278	P	libgit2-28-0.28.4-1.28 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:99109	P	(Moderate)	2021-06-09
oval:org.opensuse.security:def:93253	P	(Important)	2021-06-08
oval:org.opensuse.security:def:5764	P	Security update for postgresql10 (Moderate)	2021-05-27
oval:com.redhat.rhsa:def:20211723	P	RHSA-2021:1723: sudo security and bug fix update (Low)	2021-05-18
oval:org.opensuse.security:def:111193	P	Security update for sudo (Important)	2021-01-27
oval:org.opensuse.security:def:110657	P	Security update for sudo (Important)	2021-01-27
oval:org.opensuse.security:def:90473	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:32139	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:64542	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:107944	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:57962	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:88469	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:73446	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:84177	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:8998	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:92550	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:125569	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:34481	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:69890	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:26087	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:60304	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:98914	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:51924	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:86603	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:10116	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:91964	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:32962	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:66853	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:108691	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:58785	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:89162	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:97156	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:73664	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:84636	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:9362	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:92749	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:126738	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:70256	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:31220	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:57043	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:87426	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:10301	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:8618	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:92159	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:5074	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:33684	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:69502	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:23620	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:59507	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:89420	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:75921	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:85684	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:9551	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:92947	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:127135	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:70441	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:31653	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:64324	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:99301	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:104128	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:57476	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:88155	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:8803	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:92351	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:117459	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:33942	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:69691	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:23936	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:59765	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:97438	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:51608	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:86117	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:9750	P	Security update for sudo (Important)	2021-01-26

BACK