Lucene search
Copyright (C) 2024 Greenbone AGOPENVAS:1361412562310833037HistoryMar 04, 2024 - 12:00 a.m.
openSUSE: Security Advisory for sudo (SUSE-SU-2023:0114-1)
2024-03-0400:00:00
Copyright (C) 2024 Greenbone AG
plugins.openvas.org
opensuse leap 15.4
opensuse leap micro 5.3
sudo
arbitrary file write
vulnerability fix
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.833037");
script_version("2024-05-16T05:05:35+0000");
script_cve_id("CVE-2023-22809");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:S/C:C/I:C/A:C");
script_tag(name:"last_modification", value:"2024-05-16 05:05:35 +0000 (Thu, 16 May 2024)");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-01-26 18:26:49 +0000 (Thu, 26 Jan 2023)");
script_tag(name:"creation_date", value:"2024-03-04 07:42:04 +0000 (Mon, 04 Mar 2024)");
script_name("openSUSE: Security Advisory for sudo (SUSE-SU-2023:0114-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2024 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse", "ssh/login/rpms", re:"ssh/login/release=(openSUSELeap15\.4|openSUSELeapMicro5\.3)");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2023:0114-1");
script_xref(name:"URL", value:"https://lists.opensuse.org/archives/list/[email protected]/thread/DSADGSFXD5ZL2T34FACSUUF7TVX75NPC");
script_tag(name:"summary", value:"The remote host is missing an update for the 'sudo'
package(s) announced via the SUSE-SU-2023:0114-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"This update for sudo fixes the following issues:
- CVE-2023-22809: Fixed an arbitrary file write issue that could be
exploited by users with sudoedit permissions (bsc#1207082).");
script_tag(name:"affected", value:"'sudo' package(s) on openSUSE Leap 15.4, openSUSE Leap Micro 5.3.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "openSUSELeap15.4") {
if(!isnull(res = isrpmvuln(pkg:"sudo", rpm:"sudo~1.9.9~150400.4.12.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"sudo-debuginfo", rpm:"sudo-debuginfo~1.9.9~150400.4.12.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"sudo-debugsource", rpm:"sudo-debugsource~1.9.9~150400.4.12.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"sudo-devel", rpm:"sudo-devel~1.9.9~150400.4.12.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"sudo-plugin-python", rpm:"sudo-plugin-python~1.9.9~150400.4.12.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"sudo-plugin-python-debuginfo", rpm:"sudo-plugin-python-debuginfo~1.9.9~150400.4.12.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"sudo-test", rpm:"sudo-test~1.9.9~150400.4.12.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"sudo", rpm:"sudo~1.9.9~150400.4.12.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"sudo-debuginfo", rpm:"sudo-debuginfo~1.9.9~150400.4.12.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"sudo-debugsource", rpm:"sudo-debugsource~1.9.9~150400.4.12.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"sudo-devel", rpm:"sudo-devel~1.9.9~150400.4.12.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"sudo-plugin-python", rpm:"sudo-plugin-python~1.9.9~150400.4.12.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"sudo-plugin-python-debuginfo", rpm:"sudo-plugin-python-debuginfo~1.9.9~150400.4.12.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"sudo-test", rpm:"sudo-test~1.9.9~150400.4.12.1", rls:"openSUSELeap15.4"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "openSUSELeapMicro5.3") {
if(!isnull(res = isrpmvuln(pkg:"sudo", rpm:"sudo~1.9.9~150400.4.12.1", rls:"openSUSELeapMicro5.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"sudo-debuginfo", rpm:"sudo-debuginfo~1.9.9~150400.4.12.1", rls:"openSUSELeapMicro5.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"sudo-debugsource", rpm:"sudo-debugsource~1.9.9~150400.4.12.1", rls:"openSUSELeapMicro5.3"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);Related
oraclelinux
oraclelinux
sudo security update
2023-01-23 00:00:00
sudo security update
2023-01-23 00:00:00
sudo security update
2023-01-24 00:00:00
nessus
nessus
EulerOS 2.0 SP9 : sudo (EulerOS-SA-2023-1459)
2023-03-08 00:00:00
Oracle Linux 7 : sudo (ELSA-2023-0291)
2023-01-24 00:00:00
CentOS 9 : sudo-1.9.5p2-9.el9
2024-02-29 00:00:00
debian
debian
[SECURITY] [DLA 3272-1] sudo security update
2023-01-18 16:30:36
[SECURITY] [DSA 5321-1] sudo security update
2023-01-18 15:39:45
cvelist
cvelist
CVE-2023-22809
2023-01-18 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: sudo-1.9.12-2.p2.fc36
2023-02-05 01:54:10
[SECURITY] Fedora 37 Update: sudo-1.9.12-1.p2.fc37
2023-01-22 01:52:00
ubuntu
ubuntu
Sudo vulnerability
2023-01-30 00:00:00
Sudo vulnerability
2023-01-18 00:00:00
Sudo vulnerabilities
2023-01-18 00:00:00
redhat
redhat
(RHSA-2023:3276) Important: sudo security update
2023-05-23 13:49:27
(RHSA-2023:0283) Important: sudo security update
2023-01-23 08:22:53
(RHSA-2023:0282) Important: sudo security update
2023-01-23 08:22:52
osv
osv
Important: sudo security update
2023-01-23 08:23:15
Important: sudo security update
2023-01-23 08:22:52
sudo vulnerability
2023-01-30 13:51:21
openvas
openvas
Debian: Security Advisory (DLA-3272-1)
2023-01-19 00:00:00
Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2023-2173)
2023-06-09 00:00:00
Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2023-1611)
2023-04-13 00:00:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2023-06-02 16:20:56
f5
f5
K000132667 : Sudo vulnerability CVE-2023-22809
2023-02-20 00:00:00
githubexploit
githubexploit
Exploit for Improper Privilege Management in Sudo Project Sudo
2023-06-20 00:38:08
Exploit for Improper Privilege Management in Sudo Project Sudo
2023-08-06 06:46:40
Exploit for Improper Privilege Management in Sudo Project Sudo
2023-07-10 06:38:14
rosalinux
rosalinux
Advisory ROSA-SA-2024-2396
2024-04-11 07:39:43
Advisory ROSA-SA-2023-2075
2023-01-31 12:50:07
almalinux
almalinux
Important: sudo security update
2023-01-23 00:00:00
Important: sudo security update
2023-01-23 00:00:00
amazon
amazon
Important: sudo
2023-03-02 22:36:00
Important: sudo
2023-01-31 20:44:00
cbl_mariner
cbl_mariner
CVE-2023-22809 affecting package sudo for versions less than 1.9.12p2-1
2023-02-24 01:54:46
CVE-2023-22809 affecting package sudo 1.9.12p1-1
2023-03-02 04:18:33
prion
prion
Design/Logic Flaw
2023-01-18 17:15:00
redos
redos
ROS-20230124-01
2023-01-24 00:00:00
cve
cve
CVE-2023-22809
2023-01-18 17:15:10
gentoo
gentoo
sudo: Root Privilege Escalation
2023-05-03 00:00:00
mageia
mageia
Updated sudo packages fix security vulnerability
2023-01-24 10:58:25
rocky
rocky
sudo security update
2023-01-23 08:22:52
sudo security update
2023-01-23 08:23:15
debiancve
debiancve
CVE-2023-22809
2023-01-18 17:15:10
veracode
veracode
Privilege Escalation
2023-01-20 21:08:45
packetstorm
packetstorm
Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification
2023-08-18 00:00:00
Sudoedit Extra Arguments Privilege Escalation
2023-05-23 00:00:00
sudo 1.9.12p1 Privilege Escalation
2023-04-03 00:00:00
zdt
zdt
Sudoedit Extra Arguments Privilege Escalation Exploit
2023-05-23 00:00:00
Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification Vulnerability
2023-08-20 00:00:00
sudo 1.8.0 to 1.9.12p1 - Privilege Escalation Exploit
2023-04-03 00:00:00
alpinelinux
alpinelinux
CVE-2023-22809
2023-01-18 17:15:10
redhatcve
redhatcve
CVE-2023-22809
2023-01-18 16:36:30
korelogic
korelogic
metasploit
metasploit
Sudoedit Extra Arguments Priv Esc
2023-04-25 08:37:33
centos
centos
sudo security update
2023-01-30 16:44:19
cloudlinux
cloudlinux
sudo: Fix of CVE-2023-22809
2023-02-09 23:32:51
ubuntucve
ubuntucve
CVE-2023-22809
2023-01-18 00:00:00
paloalto
paloalto
Impact of Sudo Vulnerability CVE-2023-22809
2023-02-08 17:00:00
cloudfoundry
cloudfoundry
USN-5811-1: Sudo vulnerabilities | Cloud Foundry
2023-02-24 00:00:00
exploitdb
exploitdb
sudo 1.8.0 to 1.9.12p1 - Privilege Escalation
2023-04-03 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2023-0316
2023-01-18 00:00:00
Critical Photon OS Security Update - PHSA-2023-4.0-0316
2023-01-18 00:00:00
Important Photon OS Security Update - PHSA-2023-0518
2023-01-19 00:00:00
ibm
ibm
mmpc
mmpc
Uncursing the ncurses: Memory corruption vulnerabilities found in library
2023-09-14 11:30:00
mssecure
mssecure
Uncursing the ncurses: Memory corruption vulnerabilities found in library
2023-09-14 11:30:00
apple
apple
About the security content of macOS Ventura 13.4
2023-05-18 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00
8.2 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
19.0%
Related for OPENVAS:1361412562310833037