Bug 1207082 - (CVE-2023-22809) VUL-0: CVE-2023-22809: sudo: arbitrary file write with privileges of the RunAs user
(CVE-2023-22809)
VUL-0: CVE-2023-22809: sudo: arbitrary file write with privileges of the RunA...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/353571/
CVSSv3.1:SUSE:CVE-2023-22809:7.8:(AV:...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2023-01-12 14:37 UTC by Thomas Leroy
Modified: 2023-02-01 16:14 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
sudoedit.patch (4.50 KB, patch)
2023-01-14 09:48 UTC, Marcus Meissner
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Comment 3 Jason Sikes 2023-01-12 17:56:40 UTC
I see in the attached document that Todd Miller has developed a patch to address this. I don't see a related patch in sudo's git log, and it's not included in the attached Security Advisory.

Should I wait until 18 January to work on this? Or, does anyone know of a way to find Miller's patch?
Comment 4 Thomas Leroy 2023-01-13 09:49:01 UTC
(In reply to Jason Sikes from comment #3)
> I see in the attached document that Todd Miller has developed a patch to
> address this. I don't see a related patch in sudo's git log, and it's not
> included in the attached Security Advisory.
> 
> Should I wait until 18 January to work on this? Or, does anyone know of a
> way to find Miller's patch?

I can't find it neither... Someone already asked the patch in the ML thread. I'll provide you as soon as I have it
Comment 5 Thomas Leroy 2023-01-13 13:38:40 UTC
I double-checked, SUSE:SLE-11-SP3:Update is not affected, but the others are:
- SUSE:SLE-12-SP2:Update
- SUSE:SLE-12-SP3:Update
- SUSE:SLE-12-SP5:Update
- SUSE:SLE-15-SP3:Update
- SUSE:SLE-15-SP4:Update
- SUSE:SLE-15-SP5:Update
- SUSE:SLE-15:Update
- openSUSE:Factory
Comment 6 Marcus Meissner 2023-01-14 09:48:56 UTC
Created attachment 864118 [details]
sudoedit.patch

patch from reporter (but should be from upstream)
Comment 9 Jason Sikes 2023-01-19 03:54:33 UTC
Created request 1059469 in OBS to update sudo to version 1.9.12p2.
Comment 10 Gianluca Gabrielli 2023-01-19 07:27:29 UTC
Public: https://www.sudo.ws/releases/stable/#1.9.12p2
Comment 11 Swamp Workflow Management 2023-01-19 14:18:19 UTC
SUSE-SU-2023:0101-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1207082
CVE References: CVE-2023-22809
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    sudo-1.8.20p2-3.36.1
SUSE OpenStack Cloud 9 (src):    sudo-1.8.20p2-3.36.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    sudo-1.8.20p2-3.36.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    sudo-1.8.20p2-3.36.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 12 Swamp Workflow Management 2023-01-19 14:18:55 UTC
SUSE-SU-2023:0100-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1207082
CVE References: CVE-2023-22809
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    sudo-1.8.10p3-10.44.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 13 Swamp Workflow Management 2023-01-20 14:22:17 UTC
SUSE-SU-2023:0115-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1207082
CVE References: CVE-2023-22809
JIRA References: 
Sources used:
openSUSE Leap Micro 5.2 (src):    sudo-1.9.5p2-150300.3.19.1
SUSE Manager Server 4.2 (src):    sudo-1.9.5p2-150300.3.19.1
SUSE Manager Retail Branch Server 4.2 (src):    sudo-1.9.5p2-150300.3.19.1
SUSE Manager Proxy 4.2 (src):    sudo-1.9.5p2-150300.3.19.1
SUSE Linux Enterprise Server for SAP 15-SP3 (src):    sudo-1.9.5p2-150300.3.19.1
SUSE Linux Enterprise Server 15-SP3-LTSS (src):    sudo-1.9.5p2-150300.3.19.1
SUSE Linux Enterprise Realtime Extension 15-SP3 (src):    sudo-1.9.5p2-150300.3.19.1
SUSE Linux Enterprise Micro 5.2 (src):    sudo-1.9.5p2-150300.3.19.1
SUSE Linux Enterprise Micro 5.1 (src):    sudo-1.9.5p2-150300.3.19.1
SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (src):    sudo-1.9.5p2-150300.3.19.1
SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (src):    sudo-1.9.5p2-150300.3.19.1
SUSE Enterprise Storage 7.1 (src):    sudo-1.9.5p2-150300.3.19.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 14 Swamp Workflow Management 2023-01-20 14:23:10 UTC
SUSE-SU-2023:0117-1: An update that solves one vulnerability and has one errata is now available.

Category: security (important)
Bug References: 1206170,1207082
CVE References: CVE-2023-22809
JIRA References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    sudo-1.8.27-4.33.1
SUSE Linux Enterprise Server 12-SP5 (src):    sudo-1.8.27-4.33.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 15 Swamp Workflow Management 2023-01-20 14:30:30 UTC
SUSE-SU-2023:0116-1: An update that solves one vulnerability and has one errata is now available.

Category: security (important)
Bug References: 1206170,1207082
CVE References: CVE-2023-22809
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    sudo-1.8.27-150000.4.38.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    sudo-1.8.27-150000.4.38.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    sudo-1.8.27-150000.4.38.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    sudo-1.8.27-150000.4.38.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    sudo-1.8.27-150000.4.38.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    sudo-1.8.27-150000.4.38.1
SUSE Enterprise Storage 7 (src):    sudo-1.8.27-150000.4.38.1
SUSE Enterprise Storage 6 (src):    sudo-1.8.27-150000.4.38.1
SUSE CaaS Platform 4.0 (src):    sudo-1.8.27-150000.4.38.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 16 Swamp Workflow Management 2023-01-20 14:31:20 UTC
SUSE-SU-2023:0114-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1207082
CVE References: CVE-2023-22809
JIRA References: 
Sources used:
openSUSE Leap Micro 5.3 (src):    sudo-1.9.9-150400.4.12.1
openSUSE Leap 15.4 (src):    sudo-1.9.9-150400.4.12.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    sudo-1.9.9-150400.4.12.1
SUSE Linux Enterprise Micro 5.3 (src):    sudo-1.9.9-150400.4.12.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 17 Jason Sikes 2023-01-23 00:16:53 UTC
(In reply to Jason Sikes from comment #9)
> Created request 1059469 in OBS to update sudo to version 1.9.12p2.

Resubmitted as 1060306.

Transferring to security-team