Bug 1207082 – VUL-0: CVE-2023-22809: sudo: arbitrary file write with privileges of the RunAs user

Bug 1207082 - (CVE-2023-22809) VUL-0: CVE-2023-22809: sudo: arbitrary file write with privileges of the RunAs user

(CVE-2023-22809)
Summary:	VUL-0: CVE-2023-22809: sudo: arbitrary file write with privileges of the RunA...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/353571/
Whiteboard:	CVSSv3.1:SUSE:CVE-2023-22809:7.8:(AV:...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2023-01-12 14:37 UTC by Thomas Leroy
Modified:	2023-02-15 00:25 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
sudoedit.patch (4.50 KB, patch) 2023-01-14 09:48 UTC, Marcus Meissner	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Comment 3 Jason Sikes 2023-01-12 17:56:40 UTC

I see in the attached document that Todd Miller has developed a patch to address this. I don't see a related patch in sudo's git log, and it's not included in the attached Security Advisory.

Should I wait until 18 January to work on this? Or, does anyone know of a way to find Miller's patch?

Comment 4 Thomas Leroy 2023-01-13 09:49:01 UTC

(In reply to Jason Sikes from comment #3)
> I see in the attached document that Todd Miller has developed a patch to
> address this. I don't see a related patch in sudo's git log, and it's not
> included in the attached Security Advisory.
> 
> Should I wait until 18 January to work on this? Or, does anyone know of a
> way to find Miller's patch?

I can't find it neither... Someone already asked the patch in the ML thread. I'll provide you as soon as I have it

Comment 5 Thomas Leroy 2023-01-13 13:38:40 UTC

I double-checked, SUSE:SLE-11-SP3:Update is not affected, but the others are:
- SUSE:SLE-12-SP2:Update
- SUSE:SLE-12-SP3:Update
- SUSE:SLE-12-SP5:Update
- SUSE:SLE-15-SP3:Update
- SUSE:SLE-15-SP4:Update
- SUSE:SLE-15-SP5:Update
- SUSE:SLE-15:Update
- openSUSE:Factory

Comment 6 Marcus Meissner 2023-01-14 09:48:56 UTC

Created attachment 864118 [details]
sudoedit.patch

patch from reporter (but should be from upstream)

Comment 9 Jason Sikes 2023-01-19 03:54:33 UTC

Created request 1059469 in OBS to update sudo to version 1.9.12p2.

Comment 10 Gianluca Gabrielli 2023-01-19 07:27:29 UTC

Public: https://www.sudo.ws/releases/stable/#1.9.12p2

Comment 11 Swamp Workflow Management 2023-01-19 14:18:19 UTC

SUSE-SU-2023:0101-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1207082
CVE References: CVE-2023-22809
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    sudo-1.8.20p2-3.36.1
SUSE OpenStack Cloud 9 (src):    sudo-1.8.20p2-3.36.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    sudo-1.8.20p2-3.36.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    sudo-1.8.20p2-3.36.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 12 Swamp Workflow Management 2023-01-19 14:18:55 UTC

SUSE-SU-2023:0100-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1207082
CVE References: CVE-2023-22809
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    sudo-1.8.10p3-10.44.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 13 Swamp Workflow Management 2023-01-20 14:22:17 UTC

SUSE-SU-2023:0115-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1207082
CVE References: CVE-2023-22809
JIRA References: 
Sources used:
openSUSE Leap Micro 5.2 (src):    sudo-1.9.5p2-150300.3.19.1
SUSE Manager Server 4.2 (src):    sudo-1.9.5p2-150300.3.19.1
SUSE Manager Retail Branch Server 4.2 (src):    sudo-1.9.5p2-150300.3.19.1
SUSE Manager Proxy 4.2 (src):    sudo-1.9.5p2-150300.3.19.1
SUSE Linux Enterprise Server for SAP 15-SP3 (src):    sudo-1.9.5p2-150300.3.19.1
SUSE Linux Enterprise Server 15-SP3-LTSS (src):    sudo-1.9.5p2-150300.3.19.1
SUSE Linux Enterprise Realtime Extension 15-SP3 (src):    sudo-1.9.5p2-150300.3.19.1
SUSE Linux Enterprise Micro 5.2 (src):    sudo-1.9.5p2-150300.3.19.1
SUSE Linux Enterprise Micro 5.1 (src):    sudo-1.9.5p2-150300.3.19.1
SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (src):    sudo-1.9.5p2-150300.3.19.1
SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (src):    sudo-1.9.5p2-150300.3.19.1
SUSE Enterprise Storage 7.1 (src):    sudo-1.9.5p2-150300.3.19.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 14 Swamp Workflow Management 2023-01-20 14:23:10 UTC

SUSE-SU-2023:0117-1: An update that solves one vulnerability and has one errata is now available.

Category: security (important)
Bug References: 1206170,1207082
CVE References: CVE-2023-22809
JIRA References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    sudo-1.8.27-4.33.1
SUSE Linux Enterprise Server 12-SP5 (src):    sudo-1.8.27-4.33.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 15 Swamp Workflow Management 2023-01-20 14:30:30 UTC

SUSE-SU-2023:0116-1: An update that solves one vulnerability and has one errata is now available.

Category: security (important)
Bug References: 1206170,1207082
CVE References: CVE-2023-22809
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    sudo-1.8.27-150000.4.38.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    sudo-1.8.27-150000.4.38.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    sudo-1.8.27-150000.4.38.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    sudo-1.8.27-150000.4.38.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    sudo-1.8.27-150000.4.38.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    sudo-1.8.27-150000.4.38.1
SUSE Enterprise Storage 7 (src):    sudo-1.8.27-150000.4.38.1
SUSE Enterprise Storage 6 (src):    sudo-1.8.27-150000.4.38.1
SUSE CaaS Platform 4.0 (src):    sudo-1.8.27-150000.4.38.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 16 Swamp Workflow Management 2023-01-20 14:31:20 UTC

SUSE-SU-2023:0114-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1207082
CVE References: CVE-2023-22809
JIRA References: 
Sources used:
openSUSE Leap Micro 5.3 (src):    sudo-1.9.9-150400.4.12.1
openSUSE Leap 15.4 (src):    sudo-1.9.9-150400.4.12.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    sudo-1.9.9-150400.4.12.1
SUSE Linux Enterprise Micro 5.3 (src):    sudo-1.9.9-150400.4.12.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 17 Jason Sikes 2023-01-23 00:16:53 UTC

(In reply to Jason Sikes from comment #9)
> Created request 1059469 in OBS to update sudo to version 1.9.12p2.

Resubmitted as 1060306.

Transferring to security-team