#VU49884 Link following in Sudo - CVE-2021-23240


| Updated: 2021-01-20

Vulnerability identifier: #VU49884

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-23240

CWE-ID: CWE-59

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Sudo
Client/Desktop applications / Software for system administration

Vendor: Sudo

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Sudo: 1.9.0 - 1.9.4p2

External links
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2021-23240
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EE42Y35SMJOLONAIBNYNFC7J44UUZ2Y6/
https://www.sudo.ws/stable.html#1.9.5

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Juniper Networks Junos cRPD
Multiple vulnerabilities in Juniper Cloud Native Router
Multiple vulnerabilities in Dell EMC VxRail Appliance
Multiple vulnerabilities in OpenShift Virtualization 2.6
Multiple vulnerabilities in OpenShift Virtualization 4.8
Red Hat Enterprise Linux 8 update for sudo
openEuler update for sudo
Gentoo update for sudo
Slackware Linux update for sudo
Fedora 32 update for sudo