Description
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
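The separator confusion described above can be modelled in a few lines of C. This is an added example, not sudo's source or its actual patch: the function names, the whitespace-only tokenizer and the "reject any `--` token" policy are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define MAX_TOK 16

/* Split an editor value on spaces/tabs (simplified: no quote handling).
 * Modifies buf; returns the token count. */
static int split_editor(char *buf, char *tok[], int max)
{
    int n = 0;
    for (char *t = strtok(buf, " \t"); t != NULL && n < max; t = strtok(NULL, " \t"))
        tok[n++] = t;
    return n;
}

/* Flawed model: argv is "<editor tokens> -- <requested files>", and the
 * file list is taken to be everything after the FIRST "--".
 * Returns how many entries land in the file list. */
int file_list_len(const char *editor, int nrequested)
{
    char buf[256], *tok[MAX_TOK];
    snprintf(buf, sizeof(buf), "%s", editor);
    int n = split_editor(buf, tok, MAX_TOK);
    for (int i = 0; i < n; i++)
        if (strcmp(tok[i], "--") == 0)
            return (n - i - 1) + 1 + nrequested; /* extras + real "--" + files */
    return nrequested;
}

/* Hardened check (assumed policy): refuse an empty editor value or one that
 * carries its own "--" token, so the separator added later is the only one. */
int editor_allowed(const char *editor)
{
    char buf[256], *tok[MAX_TOK];
    snprintf(buf, sizeof(buf), "%s", editor);
    int n = split_editor(buf, tok, MAX_TOK);
    for (int i = 0; i < n; i++)
        if (strcmp(tok[i], "--") == 0)
            return 0;
    return n > 0;
}

int main(void)
{
    const char *bad = "vim -- /path/to/extra/file"; /* value from the description */
    printf("vim: %d entries, allowed=%d\n", file_list_len("vim", 1), editor_allowed("vim"));
    printf("bad: %d entries, allowed=%d\n", file_list_len(bad, 1), editor_allowed(bad));
    return 0;
}
```

With one requested file, the plain editor yields a one-entry file list, while the value from the description yields three entries and is refused by the check.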
Mitigation
Minimal update. May introduce new vulnerabilities or breaking changes.
 Distribution | | Affected versions | Fixed version |
 alpine v3.15 | | =1.6.9_p17-r1 || =1.7.0-r0 || =1.7.1-r0 || =1.7.2-r0 || =1.7.2_p1-r0 || =1.7.2_p2-r0 || =1.7.2_p4-r0 || =1.7.2_p5-r0 || =1.7.2_p6-r0 || =1.7.2_p6-r1 || =1.7.2_p7-r0 || =1.7.3-r0 || =1.7.4_p2-r0 || =1.7.4_p3-r0 || =1.7.4_p4-r0 || =1.7.4_p5-r0 || =1.7.4p6-r0 || =1.8.0-r0 || =1.8.0-r1 || =1.8.1-r0 || =1.8.10-r0 || =1.8.10_p1-r0 || =1.8.10_p2-r0 || =1.8.10_p3-r0 || =1.8.11_p2-r0 || =1.8.12-r0 || =1.8.13-r0 || =1.8.14_p3-r0 || =1.8.14_p3-r1 || =1.8.15-r0 || =1.8.15-r1 || =1.8.16-r0 || =1.8.17-r0 || =1.8.17_p1-r0 || =1.8.18-r0 || =1.8.18_p1-r0 || =1.8.19_p1-r0 || =1.8.19_p2-r0 || =1.8.1p1-r0 || =1.8.2-r0 || =1.8.20_p1-r0 || =1.8.20_p2-r0 || =1.8.21_p2-r0 || =1.8.21_p2-r1 || =1.8.21_p2-r2 || =1.8.22-r2 || =1.8.23-r2 || =1.8.25_p1-r2 || =1.8.27-r0 || =1.8.28-r0 || =1.8.28p1-r0 || =1.8.29-r0 || =1.8.3-r0 || =1.8.30-r0 || =1.8.31-r0 || =1.8.31p1-r0 || =1.8.31p1-r1 || =1.8.3_p1-r0 || =1.8.3_p2-r0 || =1.8.3_p2-r1 || =1.8.4-r0 || =1.8.4_p1-r0 || =1.8.4_p2-r0 || =1.8.4_p4-r0 || =1.8.5_p1-r0 || =1.8.5_p2-r0 || =1.8.5_p3-r0 || =1.8.6-r0 || =1.8.6_p1-r0 || =1.8.6_p3-r0 || =1.8.6_p4-r0 || =1.8.6_p5-r0 || =1.8.6_p6-r0 || =1.8.6_p7-r0 || =1.8.6_p8-r0 || =1.8.7-r0 || =1.8.8-r0 || =1.8.9_p4-r0 || =1.8.9_p5-r0 || =1.9.0-r0 || =1.9.1-r0 || =1.9.12-r0 || =1.9.12-r1 || =1.9.3-r0 || =1.9.3_p1-r0 || =1.9.4-r0 || =1.9.4p2-r0 || =1.9.5-r0 || =1.9.5p1-r0 || =1.9.5p2-r0 || =1.9.6-r0 || =1.9.6_p1-r0 || =1.9.6_p1-r1 || =1.9.7_p1-r1 || =1.9.7_p2-r0 || =1.9.8-r0 || =1.9.8_p1-r0 || =1.9.8_p2-r0 || =1.9.8_p2-r1 || >=0 <1.9.12_p2-r0 | 1.9.12_p2-r0 |
 alpine v3.14 | | =1.6.9_p17-r1 || =1.7.0-r0 || =1.7.1-r0 || =1.7.2-r0 || =1.7.2_p1-r0 || =1.7.2_p2-r0 || =1.7.2_p4-r0 || =1.7.2_p5-r0 || =1.7.2_p6-r0 || =1.7.2_p6-r1 || =1.7.2_p7-r0 || =1.7.3-r0 || =1.7.4_p2-r0 || =1.7.4_p3-r0 || =1.7.4_p4-r0 || =1.7.4_p5-r0 || =1.7.4p6-r0 || =1.8.0-r0 || =1.8.0-r1 || =1.8.1-r0 || =1.8.10-r0 || =1.8.10_p1-r0 || =1.8.10_p2-r0 || =1.8.10_p3-r0 || =1.8.11_p2-r0 || =1.8.12-r0 || =1.8.13-r0 || =1.8.14_p3-r0 || =1.8.14_p3-r1 || =1.8.15-r0 || =1.8.15-r1 || =1.8.16-r0 || =1.8.17-r0 || =1.8.17_p1-r0 || =1.8.18-r0 || =1.8.18_p1-r0 || =1.8.19_p1-r0 || =1.8.19_p2-r0 || =1.8.1p1-r0 || =1.8.2-r0 || =1.8.20_p1-r0 || =1.8.20_p2-r0 || =1.8.21_p2-r0 || =1.8.21_p2-r1 || =1.8.21_p2-r2 || =1.8.22-r2 || =1.8.23-r2 || =1.8.25_p1-r2 || =1.8.27-r0 || =1.8.28-r0 || =1.8.28p1-r0 || =1.8.29-r0 || =1.8.3-r0 || =1.8.30-r0 || =1.8.31-r0 || =1.8.31p1-r0 || =1.8.31p1-r1 || =1.8.3_p1-r0 || =1.8.3_p2-r0 || =1.8.3_p2-r1 || =1.8.4-r0 || =1.8.4_p1-r0 || =1.8.4_p2-r0 || =1.8.4_p4-r0 || =1.8.5_p1-r0 || =1.8.5_p2-r0 || =1.8.5_p3-r0 || =1.8.6-r0 || =1.8.6_p1-r0 || =1.8.6_p3-r0 || =1.8.6_p4-r0 || =1.8.6_p5-r0 || =1.8.6_p6-r0 || =1.8.6_p7-r0 || =1.8.6_p8-r0 || =1.8.7-r0 || =1.8.8-r0 || =1.8.9_p4-r0 || =1.8.9_p5-r0 || =1.9.0-r0 || =1.9.1-r0 || =1.9.12-r0 || =1.9.12-r1 || =1.9.3-r0 || =1.9.3_p1-r0 || =1.9.4-r0 || =1.9.4p2-r0 || =1.9.5-r0 || =1.9.5p1-r0 || =1.9.5p2-r0 || =1.9.6-r0 || =1.9.6_p1-r0 || =1.9.6_p1-r1 || =1.9.7_p1-r1 || >=0 <1.9.12_p2-r0 | 1.9.12_p2-r0 |
 debian 11 | | =1.9.5p2-3 || >=0 <1.9.5p2-3+deb11u1 | 1.9.5p2-3+deb11u1 |
 debian 12 | | | 1.9.12p2-1 |
 debian 13 | | | 1.9.12p2-1 |
 debian 14 | | | 1.9.12p2-1 |
 rpm rhel7 | | | 0:1.8.23-10.el7_9.3 |
 rpm rhel6 | | - | - |
 rpm rhel8 | | | 0:1.8.29-8.el8_7.1 |
 rpm rhel8.4 | | | 0:1.8.29-7.el8_4.2 |