CVE-2023-7090
Published: 23 December 2023
A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them.
Notes
Author | Note |
---|---|
rodrigo-zaiden | the issue was introduced in version 1.8.24, from upstream communication, when sudoers parsing was unified. probably with commit 0b31f186, 70d519c8 or around them. there is not Ubuntu version released with the vulnerable code. |
Priority
Status
Package | Release | Status |
---|---|---|
sudo Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
focal |
Not vulnerable
(1.8.31-1ubuntu1.5)
|
|
jammy |
Not vulnerable
(1.9.9-1ubuntu2.4)
|
|
lunar |
Not vulnerable
(1.9.9-1ubuntu2.4)
|
|
mantic |
Not vulnerable
(1.9.9-1ubuntu2.4)
|
|
trusty |
Not vulnerable
(code not present)
|
|
upstream |
Released
(1.8.28p1-1)
|
|
xenial |
Not vulnerable
(code not present)
|
|
Patches: upstream: https://github.com/sudo-project/sudo/commit/e99082e05b9f0dd0e0f47fa1d2e1b9d922ea8c4c |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 8.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References
- https://www.sudo.ws/repos/sudo/rev/b4f31dbe3109
- https://www.sudo.ws/releases/legacy/#1.8.28
- https://www.sudo.ws/pipermail/sudo-workers/2019-August/001248.html
- https://www.sudo.ws/pipermail/sudo-workers/2019-August/001249.html
- https://www.cve.org/CVERecord?id=CVE-2023-7090
- NVD
- Launchpad
- Debian