Fluid Attacks Database

Description

selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
alpine v3.10	sudo	=1.6.9_p17-r1 \|\| =1.7.0-r0 \|\| =1.7.1-r0 \|\| =1.7.2-r0 \|\| =1.7.2_p1-r0 \|\| =1.7.2_p2-r0 \|\| =1.7.2_p4-r0 \|\| =1.7.2_p5-r0 \|\| =1.7.2_p6-r0 \|\| =1.7.2_p6-r1 \|\| =1.7.2_p7-r0 \|\| =1.7.3-r0 \|\| =1.7.4_p2-r0 \|\| =1.7.4_p3-r0 \|\| =1.7.4_p4-r0 \|\| =1.7.4_p5-r0 \|\| =1.7.4p6-r0 \|\| =1.8.0-r0 \|\| =1.8.0-r1 \|\| =1.8.1-r0 \|\| =1.8.10-r0 \|\| =1.8.10_p1-r0 \|\| =1.8.10_p2-r0 \|\| =1.8.10_p3-r0 \|\| =1.8.11_p2-r0 \|\| =1.8.12-r0 \|\| =1.8.13-r0 \|\| =1.8.14_p3-r0 \|\| =1.8.14_p3-r1 \|\| =1.8.15-r0 \|\| =1.8.15-r1 \|\| =1.8.16-r0 \|\| =1.8.17-r0 \|\| =1.8.17_p1-r0 \|\| =1.8.18-r0 \|\| =1.8.18_p1-r0 \|\| =1.8.19_p1-r0 \|\| =1.8.19_p2-r0 \|\| =1.8.1p1-r0 \|\| =1.8.2-r0 \|\| =1.8.20_p1-r0 \|\| =1.8.20_p2-r0 \|\| =1.8.21_p2-r0 \|\| =1.8.21_p2-r1 \|\| =1.8.21_p2-r2 \|\| =1.8.22-r2 \|\| =1.8.23-r2 \|\| =1.8.25_p1-r2 \|\| =1.8.27-r0 \|\| =1.8.27-r1 \|\| =1.8.27-r2 \|\| =1.8.3-r0 \|\| =1.8.3_p1-r0 \|\| =1.8.3_p2-r0 \|\| =1.8.3_p2-r1 \|\| =1.8.4-r0 \|\| =1.8.4_p1-r0 \|\| =1.8.4_p2-r0 \|\| =1.8.4_p4-r0 \|\| =1.8.5_p1-r0 \|\| =1.8.5_p2-r0 \|\| =1.8.5_p3-r0 \|\| =1.8.6-r0 \|\| =1.8.6_p1-r0 \|\| =1.8.6_p3-r0 \|\| =1.8.6_p4-r0 \|\| =1.8.6_p5-r0 \|\| =1.8.6_p6-r0 \|\| =1.8.6_p7-r0 \|\| =1.8.6_p8-r0 \|\| =1.8.7-r0 \|\| =1.8.8-r0 \|\| =1.8.9_p4-r0 \|\| =1.8.9_p5-r0 \|\| >=0 <1.9.5p2-r0	1.9.5p2-r0
debian 12	sudo	>=0 <1.9.5-1	1.9.5-1
alpine v3.15	sudo	=1.6.9_p17-r1 \|\| =1.7.0-r0 \|\| =1.7.1-r0 \|\| =1.7.2-r0 \|\| =1.7.2_p1-r0 \|\| =1.7.2_p2-r0 \|\| =1.7.2_p4-r0 \|\| =1.7.2_p5-r0 \|\| =1.7.2_p6-r0 \|\| =1.7.2_p6-r1 \|\| =1.7.2_p7-r0 \|\| =1.7.3-r0 \|\| =1.7.4_p2-r0 \|\| =1.7.4_p3-r0 \|\| =1.7.4_p4-r0 \|\| =1.7.4_p5-r0 \|\| =1.7.4p6-r0 \|\| =1.8.0-r0 \|\| =1.8.0-r1 \|\| =1.8.1-r0 \|\| =1.8.10-r0 \|\| =1.8.10_p1-r0 \|\| =1.8.10_p2-r0 \|\| =1.8.10_p3-r0 \|\| =1.8.11_p2-r0 \|\| =1.8.12-r0 \|\| =1.8.13-r0 \|\| =1.8.14_p3-r0 \|\| =1.8.14_p3-r1 \|\| =1.8.15-r0 \|\| =1.8.15-r1 \|\| =1.8.16-r0 \|\| =1.8.17-r0 \|\| =1.8.17_p1-r0 \|\| =1.8.18-r0 \|\| =1.8.18_p1-r0 \|\| =1.8.19_p1-r0 \|\| =1.8.19_p2-r0 \|\| =1.8.1p1-r0 \|\| =1.8.2-r0 \|\| =1.8.20_p1-r0 \|\| =1.8.20_p2-r0 \|\| =1.8.21_p2-r0 \|\| =1.8.21_p2-r1 \|\| =1.8.21_p2-r2 \|\| =1.8.22-r2 \|\| =1.8.23-r2 \|\| =1.8.25_p1-r2 \|\| =1.8.27-r0 \|\| =1.8.28-r0 \|\| =1.8.28p1-r0 \|\| =1.8.29-r0 \|\| =1.8.3-r0 \|\| =1.8.30-r0 \|\| =1.8.31-r0 \|\| =1.8.31p1-r0 \|\| =1.8.31p1-r1 \|\| =1.8.3_p1-r0 \|\| =1.8.3_p2-r0 \|\| =1.8.3_p2-r1 \|\| =1.8.4-r0 \|\| =1.8.4_p1-r0 \|\| =1.8.4_p2-r0 \|\| =1.8.4_p4-r0 \|\| =1.8.5_p1-r0 \|\| =1.8.5_p2-r0 \|\| =1.8.5_p3-r0 \|\| =1.8.6-r0 \|\| =1.8.6_p1-r0 \|\| =1.8.6_p3-r0 \|\| =1.8.6_p4-r0 \|\| =1.8.6_p5-r0 \|\| =1.8.6_p6-r0 \|\| =1.8.6_p7-r0 \|\| =1.8.6_p8-r0 \|\| =1.8.7-r0 \|\| =1.8.8-r0 \|\| =1.8.9_p4-r0 \|\| =1.8.9_p5-r0 \|\| =1.9.0-r0 \|\| =1.9.1-r0 \|\| =1.9.3-r0 \|\| =1.9.3_p1-r0 \|\| =1.9.4-r0 \|\| =1.9.4p2-r0 \|\| >=0 <1.9.5-r0	1.9.5-r0
alpine v3.11	sudo	=1.6.9_p17-r1 \|\| =1.7.0-r0 \|\| =1.7.1-r0 \|\| =1.7.2-r0 \|\| =1.7.2_p1-r0 \|\| =1.7.2_p2-r0 \|\| =1.7.2_p4-r0 \|\| =1.7.2_p5-r0 \|\| =1.7.2_p6-r0 \|\| =1.7.2_p6-r1 \|\| =1.7.2_p7-r0 \|\| =1.7.3-r0 \|\| =1.7.4_p2-r0 \|\| =1.7.4_p3-r0 \|\| =1.7.4_p4-r0 \|\| =1.7.4_p5-r0 \|\| =1.7.4p6-r0 \|\| =1.8.0-r0 \|\| =1.8.0-r1 \|\| =1.8.1-r0 \|\| =1.8.10-r0 \|\| =1.8.10_p1-r0 \|\| =1.8.10_p2-r0 \|\| =1.8.10_p3-r0 \|\| =1.8.11_p2-r0 \|\| =1.8.12-r0 \|\| =1.8.13-r0 \|\| =1.8.14_p3-r0 \|\| =1.8.14_p3-r1 \|\| =1.8.15-r0 \|\| =1.8.15-r1 \|\| =1.8.16-r0 \|\| =1.8.17-r0 \|\| =1.8.17_p1-r0 \|\| =1.8.18-r0 \|\| =1.8.18_p1-r0 \|\| =1.8.19_p1-r0 \|\| =1.8.19_p2-r0 \|\| =1.8.1p1-r0 \|\| =1.8.2-r0 \|\| =1.8.20_p1-r0 \|\| =1.8.20_p2-r0 \|\| =1.8.21_p2-r0 \|\| =1.8.21_p2-r1 \|\| =1.8.21_p2-r2 \|\| =1.8.22-r2 \|\| =1.8.23-r2 \|\| =1.8.25_p1-r2 \|\| =1.8.27-r0 \|\| =1.8.28-r0 \|\| =1.8.28p1-r0 \|\| =1.8.29-r0 \|\| =1.8.29-r1 \|\| =1.8.29-r2 \|\| =1.8.3-r0 \|\| =1.8.31-r0 \|\| =1.8.31-r1 \|\| =1.8.3_p1-r0 \|\| =1.8.3_p2-r0 \|\| =1.8.3_p2-r1 \|\| =1.8.4-r0 \|\| =1.8.4_p1-r0 \|\| =1.8.4_p2-r0 \|\| =1.8.4_p4-r0 \|\| =1.8.5_p1-r0 \|\| =1.8.5_p2-r0 \|\| =1.8.5_p3-r0 \|\| =1.8.6-r0 \|\| =1.8.6_p1-r0 \|\| =1.8.6_p3-r0 \|\| =1.8.6_p4-r0 \|\| =1.8.6_p5-r0 \|\| =1.8.6_p6-r0 \|\| =1.8.6_p7-r0 \|\| =1.8.6_p8-r0 \|\| =1.8.7-r0 \|\| =1.8.8-r0 \|\| =1.8.9_p4-r0 \|\| =1.8.9_p5-r0 \|\| >=0 <1.9.5p2-r0	1.9.5p2-r0
alpine v3.12	sudo	=1.6.9_p17-r1 \|\| =1.7.0-r0 \|\| =1.7.1-r0 \|\| =1.7.2-r0 \|\| =1.7.2_p1-r0 \|\| =1.7.2_p2-r0 \|\| =1.7.2_p4-r0 \|\| =1.7.2_p5-r0 \|\| =1.7.2_p6-r0 \|\| =1.7.2_p6-r1 \|\| =1.7.2_p7-r0 \|\| =1.7.3-r0 \|\| =1.7.4_p2-r0 \|\| =1.7.4_p3-r0 \|\| =1.7.4_p4-r0 \|\| =1.7.4_p5-r0 \|\| =1.7.4p6-r0 \|\| =1.8.0-r0 \|\| =1.8.0-r1 \|\| =1.8.1-r0 \|\| =1.8.10-r0 \|\| =1.8.10_p1-r0 \|\| =1.8.10_p2-r0 \|\| =1.8.10_p3-r0 \|\| =1.8.11_p2-r0 \|\| =1.8.12-r0 \|\| =1.8.13-r0 \|\| =1.8.14_p3-r0 \|\| =1.8.14_p3-r1 \|\| =1.8.15-r0 \|\| =1.8.15-r1 \|\| =1.8.16-r0 \|\| =1.8.17-r0 \|\| =1.8.17_p1-r0 \|\| =1.8.18-r0 \|\| =1.8.18_p1-r0 \|\| =1.8.19_p1-r0 \|\| =1.8.19_p2-r0 \|\| =1.8.1p1-r0 \|\| =1.8.2-r0 \|\| =1.8.20_p1-r0 \|\| =1.8.20_p2-r0 \|\| =1.8.21_p2-r0 \|\| =1.8.21_p2-r1 \|\| =1.8.21_p2-r2 \|\| =1.8.22-r2 \|\| =1.8.23-r2 \|\| =1.8.25_p1-r2 \|\| =1.8.27-r0 \|\| =1.8.28-r0 \|\| =1.8.28p1-r0 \|\| =1.8.29-r0 \|\| =1.8.3-r0 \|\| =1.8.30-r0 \|\| =1.8.31-r0 \|\| =1.8.31p1-r0 \|\| =1.8.31p1-r1 \|\| =1.8.3_p1-r0 \|\| =1.8.3_p2-r0 \|\| =1.8.3_p2-r1 \|\| =1.8.4-r0 \|\| =1.8.4_p1-r0 \|\| =1.8.4_p2-r0 \|\| =1.8.4_p4-r0 \|\| =1.8.5_p1-r0 \|\| =1.8.5_p2-r0 \|\| =1.8.5_p3-r0 \|\| =1.8.6-r0 \|\| =1.8.6_p1-r0 \|\| =1.8.6_p3-r0 \|\| =1.8.6_p4-r0 \|\| =1.8.6_p5-r0 \|\| =1.8.6_p6-r0 \|\| =1.8.6_p7-r0 \|\| =1.8.6_p8-r0 \|\| =1.8.7-r0 \|\| =1.8.8-r0 \|\| =1.8.9_p4-r0 \|\| =1.8.9_p5-r0 \|\| =1.9.0-r0 \|\| >=0 <1.9.5-r0	1.9.5-r0
alpine v3.13	sudo	=1.6.9_p17-r1 \|\| =1.7.0-r0 \|\| =1.7.1-r0 \|\| =1.7.2-r0 \|\| =1.7.2_p1-r0 \|\| =1.7.2_p2-r0 \|\| =1.7.2_p4-r0 \|\| =1.7.2_p5-r0 \|\| =1.7.2_p6-r0 \|\| =1.7.2_p6-r1 \|\| =1.7.2_p7-r0 \|\| =1.7.3-r0 \|\| =1.7.4_p2-r0 \|\| =1.7.4_p3-r0 \|\| =1.7.4_p4-r0 \|\| =1.7.4_p5-r0 \|\| =1.7.4p6-r0 \|\| =1.8.0-r0 \|\| =1.8.0-r1 \|\| =1.8.1-r0 \|\| =1.8.10-r0 \|\| =1.8.10_p1-r0 \|\| =1.8.10_p2-r0 \|\| =1.8.10_p3-r0 \|\| =1.8.11_p2-r0 \|\| =1.8.12-r0 \|\| =1.8.13-r0 \|\| =1.8.14_p3-r0 \|\| =1.8.14_p3-r1 \|\| =1.8.15-r0 \|\| =1.8.15-r1 \|\| =1.8.16-r0 \|\| =1.8.17-r0 \|\| =1.8.17_p1-r0 \|\| =1.8.18-r0 \|\| =1.8.18_p1-r0 \|\| =1.8.19_p1-r0 \|\| =1.8.19_p2-r0 \|\| =1.8.1p1-r0 \|\| =1.8.2-r0 \|\| =1.8.20_p1-r0 \|\| =1.8.20_p2-r0 \|\| =1.8.21_p2-r0 \|\| =1.8.21_p2-r1 \|\| =1.8.21_p2-r2 \|\| =1.8.22-r2 \|\| =1.8.23-r2 \|\| =1.8.25_p1-r2 \|\| =1.8.27-r0 \|\| =1.8.28-r0 \|\| =1.8.28p1-r0 \|\| =1.8.29-r0 \|\| =1.8.3-r0 \|\| =1.8.30-r0 \|\| =1.8.31-r0 \|\| =1.8.31p1-r0 \|\| =1.8.31p1-r1 \|\| =1.8.3_p1-r0 \|\| =1.8.3_p2-r0 \|\| =1.8.3_p2-r1 \|\| =1.8.4-r0 \|\| =1.8.4_p1-r0 \|\| =1.8.4_p2-r0 \|\| =1.8.4_p4-r0 \|\| =1.8.5_p1-r0 \|\| =1.8.5_p2-r0 \|\| =1.8.5_p3-r0 \|\| =1.8.6-r0 \|\| =1.8.6_p1-r0 \|\| =1.8.6_p3-r0 \|\| =1.8.6_p4-r0 \|\| =1.8.6_p5-r0 \|\| =1.8.6_p6-r0 \|\| =1.8.6_p7-r0 \|\| =1.8.6_p8-r0 \|\| =1.8.7-r0 \|\| =1.8.8-r0 \|\| =1.8.9_p4-r0 \|\| =1.8.9_p5-r0 \|\| =1.9.0-r0 \|\| =1.9.1-r0 \|\| =1.9.3-r0 \|\| =1.9.3_p1-r0 \|\| =1.9.4-r0 \|\| =1.9.4p2-r0 \|\| >=0 <1.9.5-r0	1.9.5-r0
alpine v3.14	sudo	=1.6.9_p17-r1 \|\| =1.7.0-r0 \|\| =1.7.1-r0 \|\| =1.7.2-r0 \|\| =1.7.2_p1-r0 \|\| =1.7.2_p2-r0 \|\| =1.7.2_p4-r0 \|\| =1.7.2_p5-r0 \|\| =1.7.2_p6-r0 \|\| =1.7.2_p6-r1 \|\| =1.7.2_p7-r0 \|\| =1.7.3-r0 \|\| =1.7.4_p2-r0 \|\| =1.7.4_p3-r0 \|\| =1.7.4_p4-r0 \|\| =1.7.4_p5-r0 \|\| =1.7.4p6-r0 \|\| =1.8.0-r0 \|\| =1.8.0-r1 \|\| =1.8.1-r0 \|\| =1.8.10-r0 \|\| =1.8.10_p1-r0 \|\| =1.8.10_p2-r0 \|\| =1.8.10_p3-r0 \|\| =1.8.11_p2-r0 \|\| =1.8.12-r0 \|\| =1.8.13-r0 \|\| =1.8.14_p3-r0 \|\| =1.8.14_p3-r1 \|\| =1.8.15-r0 \|\| =1.8.15-r1 \|\| =1.8.16-r0 \|\| =1.8.17-r0 \|\| =1.8.17_p1-r0 \|\| =1.8.18-r0 \|\| =1.8.18_p1-r0 \|\| =1.8.19_p1-r0 \|\| =1.8.19_p2-r0 \|\| =1.8.1p1-r0 \|\| =1.8.2-r0 \|\| =1.8.20_p1-r0 \|\| =1.8.20_p2-r0 \|\| =1.8.21_p2-r0 \|\| =1.8.21_p2-r1 \|\| =1.8.21_p2-r2 \|\| =1.8.22-r2 \|\| =1.8.23-r2 \|\| =1.8.25_p1-r2 \|\| =1.8.27-r0 \|\| =1.8.28-r0 \|\| =1.8.28p1-r0 \|\| =1.8.29-r0 \|\| =1.8.3-r0 \|\| =1.8.30-r0 \|\| =1.8.31-r0 \|\| =1.8.31p1-r0 \|\| =1.8.31p1-r1 \|\| =1.8.3_p1-r0 \|\| =1.8.3_p2-r0 \|\| =1.8.3_p2-r1 \|\| =1.8.4-r0 \|\| =1.8.4_p1-r0 \|\| =1.8.4_p2-r0 \|\| =1.8.4_p4-r0 \|\| =1.8.5_p1-r0 \|\| =1.8.5_p2-r0 \|\| =1.8.5_p3-r0 \|\| =1.8.6-r0 \|\| =1.8.6_p1-r0 \|\| =1.8.6_p3-r0 \|\| =1.8.6_p4-r0 \|\| =1.8.6_p5-r0 \|\| =1.8.6_p6-r0 \|\| =1.8.6_p7-r0 \|\| =1.8.6_p8-r0 \|\| =1.8.7-r0 \|\| =1.8.8-r0 \|\| =1.8.9_p4-r0 \|\| =1.8.9_p5-r0 \|\| =1.9.0-r0 \|\| =1.9.1-r0 \|\| =1.9.3-r0 \|\| =1.9.3_p1-r0 \|\| =1.9.4-r0 \|\| =1.9.4p2-r0 \|\| >=0 <1.9.5-r0	1.9.5-r0
debian 11	sudo	>=0 <1.9.5-1	1.9.5-1
debian 14	sudo	>=0 <1.9.5-1	1.9.5-1
debian 13	sudo	>=0 <1.9.5-1	1.9.5-1

1-10 of 14

Aliases

1. CVE-2021-232402. NVD-2021-232403. OSV-ALPINE-2021-232404. OSV-2021-232405. OSV-DEBIAN-2021-232406. SECURITY-CVE-2021-232407. SECURITY-TRACKER-CVE-2021-23240

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.