Bug 1207082 (CVE-2023-22809)

Summary: VUL-0: CVE-2023-22809: sudo: arbitrary file write with privileges of the RunAs user
Product: [Novell Products] SUSE Security Incidents Reporter: Thomas Leroy <thomas.leroy>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: gianluca.gabrielli, meissner, stoyan.manolov
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/353571/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-22809:7.8:(AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: sudoedit.patch

Comment 3 Jason Sikes 2023-01-12 17:56:40 UTC 
I see in the attached document that Todd Miller has developed a patch to address this. I don't see a related patch in sudo's git log, and it's not included in the attached Security Advisory.

Should I wait until 18 January to work on this? Or, does anyone know of a way to find Miller's patch?
Comment 4 Thomas Leroy 2023-01-13 09:49:01 UTC 
(In reply to Jason Sikes from comment #3)
> I see in the attached document that Todd Miller has developed a patch to
> address this. I don't see a related patch in sudo's git log, and it's not
> included in the attached Security Advisory.
> 
> Should I wait until 18 January to work on this? Or, does anyone know of a
> way to find Miller's patch?

I can't find it neither... Someone already asked the patch in the ML thread. I'll provide you as soon as I have it
Comment 5 Thomas Leroy 2023-01-13 13:38:40 UTC 
I double-checked, SUSE:SLE-11-SP3:Update is not affected, but the others are:
- SUSE:SLE-12-SP2:Update
- SUSE:SLE-12-SP3:Update
- SUSE:SLE-12-SP5:Update
- SUSE:SLE-15-SP3:Update
- SUSE:SLE-15-SP4:Update
- SUSE:SLE-15-SP5:Update
- SUSE:SLE-15:Update
- openSUSE:Factory
Comment 6 Marcus Meissner 2023-01-14 09:48:56 UTC 
Created attachment 864118 [details]
sudoedit.patch

patch from reporter (but should be from upstream)
Comment 9 Jason Sikes 2023-01-19 03:54:33 UTC 
Created request 1059469 in OBS to update sudo to version 1.9.12p2.
Comment 10 Gianluca Gabrielli 2023-01-19 07:27:29 UTC 
Public: https://www.sudo.ws/releases/stable/#1.9.12p2
Comment 11 Swamp Workflow Management 2023-01-19 14:18:19 UTC 
SUSE-SU-2023:0101-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1207082
CVE References: CVE-2023-22809
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    sudo-1.8.20p2-3.36.1
SUSE OpenStack Cloud 9 (src):    sudo-1.8.20p2-3.36.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    sudo-1.8.20p2-3.36.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    sudo-1.8.20p2-3.36.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 12 Swamp Workflow Management 2023-01-19 14:18:55 UTC 
SUSE-SU-2023:0100-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1207082
CVE References: CVE-2023-22809
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    sudo-1.8.10p3-10.44.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 13 Swamp Workflow Management 2023-01-20 14:22:17 UTC 
SUSE-SU-2023:0115-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1207082
CVE References: CVE-2023-22809
JIRA References: 
Sources used:
openSUSE Leap Micro 5.2 (src):    sudo-1.9.5p2-150300.3.19.1
SUSE Manager Server 4.2 (src):    sudo-1.9.5p2-150300.3.19.1
SUSE Manager Retail Branch Server 4.2 (src):    sudo-1.9.5p2-150300.3.19.1
SUSE Manager Proxy 4.2 (src):    sudo-1.9.5p2-150300.3.19.1
SUSE Linux Enterprise Server for SAP 15-SP3 (src):    sudo-1.9.5p2-150300.3.19.1
SUSE Linux Enterprise Server 15-SP3-LTSS (src):    sudo-1.9.5p2-150300.3.19.1
SUSE Linux Enterprise Realtime Extension 15-SP3 (src):    sudo-1.9.5p2-150300.3.19.1
SUSE Linux Enterprise Micro 5.2 (src):    sudo-1.9.5p2-150300.3.19.1
SUSE Linux Enterprise Micro 5.1 (src):    sudo-1.9.5p2-150300.3.19.1
SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (src):    sudo-1.9.5p2-150300.3.19.1
SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (src):    sudo-1.9.5p2-150300.3.19.1
SUSE Enterprise Storage 7.1 (src):    sudo-1.9.5p2-150300.3.19.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 14 Swamp Workflow Management 2023-01-20 14:23:10 UTC 
SUSE-SU-2023:0117-1: An update that solves one vulnerability and has one errata is now available.

Category: security (important)
Bug References: 1206170,1207082
CVE References: CVE-2023-22809
JIRA References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    sudo-1.8.27-4.33.1
SUSE Linux Enterprise Server 12-SP5 (src):    sudo-1.8.27-4.33.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 15 Swamp Workflow Management 2023-01-20 14:30:30 UTC 
SUSE-SU-2023:0116-1: An update that solves one vulnerability and has one errata is now available.

Category: security (important)
Bug References: 1206170,1207082
CVE References: CVE-2023-22809
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    sudo-1.8.27-150000.4.38.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    sudo-1.8.27-150000.4.38.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    sudo-1.8.27-150000.4.38.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    sudo-1.8.27-150000.4.38.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    sudo-1.8.27-150000.4.38.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    sudo-1.8.27-150000.4.38.1
SUSE Enterprise Storage 7 (src):    sudo-1.8.27-150000.4.38.1
SUSE Enterprise Storage 6 (src):    sudo-1.8.27-150000.4.38.1
SUSE CaaS Platform 4.0 (src):    sudo-1.8.27-150000.4.38.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 16 Swamp Workflow Management 2023-01-20 14:31:20 UTC 
SUSE-SU-2023:0114-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1207082
CVE References: CVE-2023-22809
JIRA References: 
Sources used:
openSUSE Leap Micro 5.3 (src):    sudo-1.9.9-150400.4.12.1
openSUSE Leap 15.4 (src):    sudo-1.9.9-150400.4.12.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    sudo-1.9.9-150400.4.12.1
SUSE Linux Enterprise Micro 5.3 (src):    sudo-1.9.9-150400.4.12.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 17 Jason Sikes 2023-01-23 00:16:53 UTC 
(In reply to Jason Sikes from comment #9)
> Created request 1059469 in OBS to update sudo to version 1.9.12p2.

Resubmitted as 1060306.

Transferring to security-team