Red Hat Enterprise Linux 8 update for sudo
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2021-23239 CVE-2021-23240 |
| CWE-ID | CWE-59 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
sudo (Red Hat package) Operating systems & Components / Operating system package or component Red Hat Enterprise Linux for ARM 64 Operating systems & Components / Operating system Red Hat Enterprise Linux for Power, little endian Operating systems & Components / Operating system Red Hat Enterprise Linux for IBM z Systems Operating systems & Components / Operating system Red Hat Enterprise Linux for x86_64 Operating systems & Components / Operating system |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Link following
EUVDB-ID: #VU49883
Risk: Low
CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-23239
CWE-ID:
CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to gain access to sensitive information.
The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.
MitigationInstall updates from vendor's website.
sudo (Red Hat package): 1.8.29-5.el8 - 1.8.29-6.el8_3.1
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
CPE2.3- cpe:2.3:o:red_hat:sudo_redhat_package:1.8.29-5.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:sudo_redhat_package:1.8.29-5.el8_2.1:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:sudo_redhat_package:1.8.29-6.el8_3.1:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2021:1723
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Link following
EUVDB-ID: #VU49884
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-23240
CWE-ID:
CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to execute arbitrary code.
selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable.
MitigationInstall updates from vendor's website.
sudo (Red Hat package): 1.8.29-5.el8 - 1.8.29-6.el8_3.1
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
CPE2.3- cpe:2.3:o:red_hat:sudo_redhat_package:1.8.29-5.el8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:sudo_redhat_package:1.8.29-5.el8_2.1:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:sudo_redhat_package:1.8.29-6.el8_3.1:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHSA-2021:1723
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
