CVE-2023-22809: Sudo flaw lets attackers gain root privileges
A high-severity vulnerability has been reported in Sudo that could be exploited by a low-privilege attacker to gain root access on an affected system.
Sudo is one of the most important, powerful, and commonly used utilities that comes as a core command pre-installed on macOS and almost every UNIX or Linux-based operating system. Sudo (su “do”) allows a system administrator to delegate authority to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the commands and their arguments.
The vulnerability, identified as CVE-2023-22809, was discovered by researchers Matthieu Barjole and Victor Cutillas of Synacktiv in Sudo's sudoedit function for Linux. It could allow a malicious user with sudoedit privileges to edit arbitrary files.
“Sudo uses user-provided environment variables to let its users select their editor of choice. The content of these variables extends the actual command passed to the sudo_edit() function. However, the latter relies on the presence of the -- argument to determine the list of files to edit. The injection of an extra -- argument in one of the authorized environment variables can alter this list and lead to privilege escalation by editing any other file with privileges of the RunAs user. This issue occurs after the sudoers policy validation,” Synacktiv explains in its advisory.
CVE-2023-22809, which affects Sudo 1.8.0 through 1.9.12p1 inclusive, has already been patched in Sudo 1.9.12p2. Versions of sudo prior to 1.8.0 construct the argument vector differently and are not affected. Users are advised to update their systems to the latest release.
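A defender-side check for the two conditions described above, added here as an example and not taken from Sudo or the Synacktiv advisory: whether a sudo version string falls in the affected range, and whether an editor variable carries a standalone -- argument. The function names are hypothetical, the variable names SUDO_EDITOR, VISUAL and EDITOR come from sudo's documentation rather than this article, and shlex splitting is only an approximation of how sudo tokenizes the editor string.

```python
import re
import shlex

# Affected range as stated in the article: 1.8.0 through 1.9.12p1 inclusive.
FIRST_AFFECTED = (1, 8, 0, 0)
LAST_AFFECTED = (1, 9, 12, 1)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_sudo_version(text):
    """Return (major, minor, patch, plevel) from text such as the first
    line of `sudo -V` ("Sudo version 1.9.12p1"); None if nothing matches."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, patch, plevel = m.groups()
    return (int(major), int(minor), int(patch), int(plevel or 0))


def is_affected(text):
    """True if the upstream version falls inside the affected range."""
    version = parse_sudo_version(text)
    if version is None:
        raise ValueError(f"no sudo version found in {text!r}")
    return FIRST_AFFECTED <= version <= LAST_AFFECTED


def has_extra_separator(editor_value):
    """True if an editor variable carries a standalone "--" argument,
    the condition the advisory describes as altering the file list."""
    try:
        tokens = shlex.split(editor_value)
    except ValueError:
        return True  # unbalanced quoting: treat as suspicious
    return "--" in tokens


def audit_environment(env):
    """Return the names of editor variables in env that contain "--"."""
    # Variable names are an assumption taken from sudo's documentation.
    names = ("SUDO_EDITOR", "VISUAL", "EDITOR")
    return [n for n in names if has_extra_separator(env.get(n, ""))]
```

The version comparison uses the upstream version string only; distribution packages can carry a backported fix under an older version number, so confirm against the vendor's advisory.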