all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Sudoedit Extra Arguments Privilege Escalation

Add to bookmarks
May 23, 2023, 2:12 p.m. |

Packet Storm packetstormsecurity.com

This exploit takes advantage of a vulnerability in sudoedit, part of the sudo package. The sudoedit (aka sudo -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. by appending extra entries on /etc/sudoers allowing for execution of an arbitrary payload with root privileges. Affected versions are 1.8.0 through 1.9.12.p1. However, this module only …

editor environment escalation exploit files list local package privilege privilege escalation process sudo sudoedit vulnerability

Visit resource

More from packetstormsecurity.com / Packet Storm

Openmediavault Remote Code Execution / Local Privilege Escalation 16 hours ago | packetstormsecurity.com
admin can code code execution +20
RIOT 2024.01 Buffer Overflows / Lack Of Size Checks / Out-Of-Bound Access 16 hours ago | packetstormsecurity.com
access buffer buffer overflows memory +4
I2P 2.5.1 16 hours ago | packetstormsecurity.com
applications can code data +12
Zed Attack Proxy 2.15.0 Cross Platform Package 16 hours ago | packetstormsecurity.com
applications attack cross platform developers +18
AIDE 0.18.8 17 hours ago | packetstormsecurity.com
advanced aide algorithms can +17
Microsoft PlayReady Complete Client Identity Compromise 17 hours ago | packetstormsecurity.com
attack client communication compromise +16
Panel Amadey.d.c MVID-2024-0680 Cross Site Scripting 17 hours ago | packetstormsecurity.com
amadey cross site scripting malware panel +2
Clinic Queuing System 1.0 Remote Code Execution 17 hours ago | packetstormsecurity.com
code code execution remote code remote code execution +4
Debian Security Advisory 5686-1 17 hours ago | packetstormsecurity.com
advisory corruption debian debian linux security +15

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Expert Global Security Solutions Specialist

@ CHS Inc. | Inver Grove Heights, MN, US, 55077-1721
View on infosec-jobs.com

Security Operations Senior Associate - Perimeter Response

@ JPMorgan Chase & Co. | Houston, TX, United States
View on infosec-jobs.com

Cybersecurity Engineer IV

@ ManTech | 203O - CustomerSite,Washington,DC
View on infosec-jobs.com

Senior Site Reliability Engineer - Security

@ Klaviyo | Boston, MA
View on infosec-jobs.com

Information Security Specialist (Cloud Security)

@ Vertiv | Philippines
View on infosec-jobs.com

Business Value Consultant

@ Sumo Logic | United States
View on infosec-jobs.com
View more jobs