sudoedit (`sudo -e`) security flaw (CVE-2023-22809)


This content originally appeared on DEV Community 👩‍💻👨‍💻 and was authored by nabbisen

Security vulnerability

A new sudo vulnerability has been found: a flaw in sudoedit (`sudo -e`). With it, attackers can edit arbitrary files, so affected machines are at risk of being pwned and having information stolen.

CVE

CVE-2023-22809

Solution

If your sudo is version 1.8 or greater, it is recommended to update it to the latest version (1.9.12p2), released today, 2023-01-19.

Temporary workaround

If you can't update right now, the official website describes a way to mitigate the flaw by adding the line below to sudoers:

Defaults!sudoedit    env_delete+="SUDO_EDITOR VISUAL EDITOR"
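
The two checks above (is the installed version in the range to update, and is the workaround line active in sudoers) written as shell functions. This is an added example, not code from the original post or from the sudo project; the function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Range used below comes from the
# post: sudo 1.8 or greater should be updated, and 1.9.12p2 is the fixed release.

# Map "MAJOR.MINOR.PATCH[pN]" to one sortable integer (three digits per field).
# Fails on anything else, e.g. beta/rc strings, so the caller can flag it.
sudo_version_key() {
    printf '%s\n' "$1" | awk -F'[.p]' '
        /^[0-9]+\.[0-9]+\.[0-9]+(p[0-9]+)?$/ {
            printf "%d%03d%03d%03d\n", $1, $2, $3, $4; ok = 1
        }
        END { exit !ok }'
}

# Exit 0: version is in the range to update. Exit 1: outside it. Exit 2: unparseable.
sudo_needs_update() {
    key=$(sudo_version_key "$1") || return 2
    [ "$key" -ge "$(sudo_version_key 1.8.0)" ] &&
        [ "$key" -lt "$(sudo_version_key 1.9.12p2)" ]
}

# Exit 0 when sudoers text on stdin has an uncommented Defaults!sudoedit line
# whose env_delete names all three editor variables from the workaround.
has_sudoedit_workaround() {
    awk '
        /^[ \t]*Defaults!sudoedit[ \t]+env_delete[+]?=/ &&
        /SUDO_EDITOR/ && /VISUAL/ && /[" ]EDITOR[" ]/ { found = 1 }
        END { exit !found }'
}

# Constructed sample inputs (not from a real host). On a live system, feed in
# the third field of the first line of `sudo -V` and the output of `sudo cat /etc/sudoers`.
for v in 1.8.31p1 1.9.12p1 1.9.12p2; do
    if sudo_needs_update "$v"; then echo "$v: update"; else echo "$v: not in range"; fi
done
printf '%s\n' '# Defaults!sudoedit env_delete+="SUDO_EDITOR VISUAL EDITOR"' |
    has_sudoedit_workaround || echo "commented-out line: workaround not active"
```

Distribution packages can carry the fix under an older upstream version string, so a version in range is a prompt to check the vendor's advisory for your package.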

Reference

This post is based on the tweets by my company

