Main Vulnerability Database SB2021012102

SB2021012102 - Arch Linux update for sudo

Published: January 21, 2021

Security Bulletin ID SB2021012102

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Link following (CVE-ID: CVE-2021-23239)

The vulnerability allows a local authenticated user to gain access to sensitive information.

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.

Remediation

Install update from vendor's website.

References

https://security.archlinux.org/advisory/ASA-202101-25