CVE-2021-23239 : The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged use

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.

Published 2021-01-12 09:15:14

Updated 2022-11-09 04:12:06

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2021-23239

Debian » Debian Linux » Version: 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 32
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 33
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
Matching versions
Netapp » Cloud Backup » Version: N/A
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
Matching versions
Netapp » Hci Management Node » Version: N/A
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
Matching versions
Netapp » Solidfire » Version: N/A
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
Matching versions
Sudo Project » Sudo
Versions from including (>=) 1.9.0 and before (<) 1.9.5
cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*
Matching versions
Sudo Project » Sudo
Versions before (<) 1.8.32
cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-23239

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 31 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-23239

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
1.9	LOW	AV:L/AC:M/Au:N/C:P/I:N/A:N	3.4	2.9	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
2.5	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N	1.0	1.4	NIST
Attack Vector: Local Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

CWE ids for CVE-2021-23239

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-23239

https://lists.debian.org/debian-lts-announce/2022/11/msg00007.html

[SECURITY] [DLA 3181-1] sudo security update
Mailing List;Third Party Advisory
https://www.sudo.ws/stable.html#1.9.5

Sudo Stable Release
Release Notes;Vendor Advisory

CVEs referencing this url
https://security.netapp.com/advisory/ntap-20210129-0010/

January 2021 Sudo Vulnerabilities in NetApp Products | NetApp Product Security
Third Party Advisory

CVEs referencing this url
https://security.gentoo.org/glsa/202101-33

sudo: Multiple vulnerabilities (GLSA 202101-33) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EE42Y35SMJOLONAIBNYNFC7J44UUZ2Y6/

[SECURITY] Fedora 33 Update: sudo-1.9.5p1-1.fc33 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMY4VSSBIND7VAYSN6T7XIWJRWG4GBB3/

[SECURITY] Fedora 32 Update: sudo-1.9.5p1-1.fc32 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2021-23239

Bug 1180684 – VUL-0: CVE-2021-23239: sudo: Possible Dir Existence Test due to Race Condition in `sudoedit`
Exploit;Issue Tracking;Third Party Advisory

Jump to

Vulnerability Details : CVE-2021-23239

Products affected by CVE-2021-23239

Exploit prediction scoring system (EPSS) score for CVE-2021-23239

CVSS scores for CVE-2021-23239

CWE ids for CVE-2021-23239

References for CVE-2021-23239