all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

sudoedit (`sudo -e`) に係る脆弱性 (CVE-2023-22809)

Add to bookmarks
Jan. 19, 2023, 2:31 p.m. | nabbisen

DEV Community dev.to




脆弱性情報


sudo の、sudoedit (sudo -e) に係る脆弱性です。任意のファイルを変更され、権限奪取、およびそれをもとにした情報窃取が行われるおそれがあります。





CVE


CVE-2023-22809





対応方法


1.8 以降のバージョンの場合、2023-01-19 本日リリースの最新版 (1.9.12p2) に更新することが推奨されています。





暫定対応


すぐのアップデートが難しい場合、


sudoers に 1 行追加することでリスクを軽減できる、と公式サイト (英語) で 案内 されています:



Defaults!sudoedit    env_delete+="SUDO_EDITOR VISUAL EDITOR"





参考


本記事は小社のツイートをもとにしています。

cve editor security sudo sudoedit vulnerability

Visit resource

More from dev.to / DEV Community

Vulnerabilities: Cause for Concern 49 minutes ago | dev.to
audit course everything fix +11
Welcome to the Exciting World of Zig! 🚀 4 hours ago | dev.to
compiler detect efficiency error +14
ID Document Recognition SDK by FacePlugin 7 hours ago | dev.to
airports banks businesses challenges +16
What Is Cross-Site Scripting (XSS) and How Does It Work? 8 hours ago | dev.to
attacks cross-site cross-site scripting (xss) attacks digital +26
6 hard truths about learning to code in 2024 10 hours ago | dev.to
article best practices career code +17
tough-cookie-2.4.3 Vulnerability issue 11 hours ago | dev.to
angular assistance cookie critical +6
Using Amazon ECR Image Scanning and AWS Security Hub for Vulnerability Management 12 hours ago | dev.to
amazon applications aspect aws +25
Understanding the Difference Between Authentication and Authorization 14 hours ago | dev.to
authentication authorization context development +11
Set up FreeIPA Server & Client. 16 hours ago | dev.to
aws centos client cloud +11

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Malware Analyst - TASO / Active Secret

@ Peraton | Arlington, VA, United States
View on infosec-jobs.com

Information Security Engineer

@ Deel | Anywhere (APAC)
View on infosec-jobs.com

Cybersecurity Engineer

@ Booz Allen Hamilton | USA, DC, Washington (1125 15th St NW)
View on infosec-jobs.com

Director, Security Engineering

@ Warner Bros. Discovery | GA Atlanta 1050 Techwood Drive NW
View on infosec-jobs.com

Consultant Senior Securité Réseaux

@ Devoteam | Tunis, Tunisia
View on infosec-jobs.com

SOC Analyst, Mid

@ Peraton | Washington, DC, United States
View on infosec-jobs.com
View more jobs