selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
07 Nov 2023, 03:30
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
13 Sep 2021, 19:48
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | (MLIST) https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E - Mailing List, Third Party Advisory |
29 Jun 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Feb 2021, 15:56
Type | Values Removed | Values Added |
---|---|---|
References | (GENTOO) https://security.gentoo.org/glsa/202101-33 - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EE42Y35SMJOLONAIBNYNFC7J44UUZ2Y6/ - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMY4VSSBIND7VAYSN6T7XIWJRWG4GBB3/ - Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20210129-0010/ - Third Party Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* |
29 Jan 2021, 07:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
27 Jan 2021, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Jan 2021, 18:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Jan 2021, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Jan 2021, 21:32
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.4
v3 : 7.8 |
CWE | CWE-59 | |
CPE | cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:* | |
References | (MISC) https://bugzilla.suse.com/show_bug.cgi?id=CVE-2021-23240 - Exploit, Issue Tracking, Patch, Third Party Advisory | |
References | (CONFIRM) https://www.sudo.ws/stable.html#1.9.5 - Release Notes, Vendor Advisory |
12 Jan 2021, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-01-12 09:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-23240
Mitre link : CVE-2021-23240
CVE.ORG link : CVE-2021-23240
JSON object : View
Products Affected
sudo_project
- sudo
netapp
- hci_management_node
- solidfire
fedoraproject
- fedora
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')