CVE-2021-23239

Updated: 2023-11-07 19:33:09.902608

Description:

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

Version           Severity  Score
CVSS Version 2.x  LOW       1.9
CVSS Version 3.x  LOW       2.5

Status

OS name             Project name  Version   Score  Severity  Status          Errata  Last updated
AlmaLinux 9.2 ESU   sudo          1.9.5p2   2.5    LOW       Ignored                 2023-11-08 04:07:50
CentOS 6 ELS        sudo          1.8.6p3   2.5    LOW       Ignored                 2021-11-02 14:03:19
CentOS 7 ELS        sudo          1.8.23    2.5    LOW       Ignored                 2023-09-19 09:30:11
CentOS 8.4 ELS      sudo          1.8.29-7  2.5    LOW       Already Fixed           2023-10-30 11:22:07
CentOS 8.5 ELS      sudo          1.8.29-7  2.5    LOW       Already Fixed           2023-10-30 11:22:07
CloudLinux 6 ELS    sudo          1.8.6p3   2.5    LOW       Ignored                 2021-11-02 14:03:19
Oracle Linux 6 ELS  sudo          1.8.6p3   2.5    LOW       Ignored                 2021-11-02 14:03:19
Ubuntu 16.04 ELS    sudo          1.8.16    2.5    LOW       Not Vulnerable          2021-11-02 14:03:19
Ubuntu 18.04 ELS    sudo          1.8.21    2.5    LOW       Already Fixed           2023-06-02 09:09:51