Rapid7 Vulnerability & Exploit Database

Sudoedit Extra Arguments Priv Esc

Back to Search

Sudoedit Extra Arguments Priv Esc



This exploit takes advantage of a vulnerability in sudoedit, part of the sudo package. The sudoedit (aka sudo -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. by appending extra entries on /etc/sudoers allowing for execution of an arbitrary payload with root privileges. Affected versions are 1.8.0 through 1.9.12.p1. However THIS module only works against Ubuntu 22.04 and 22.10. This module was tested against sudo 1.9.9-1ubuntu2 on Ubuntu 22.04, and 1.9.11p3-1ubuntu1 on Ubuntu 22.10.


  • h00die
  • Matthieu Barjole
  • Victor Cutillas




x86, x64


Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/linux/local/sudoedit_bypass_priv_esc
msf exploit(sudoedit_bypass_priv_esc) > show targets
msf exploit(sudoedit_bypass_priv_esc) > set TARGET < target-id >
msf exploit(sudoedit_bypass_priv_esc) > show options
    ...show and set options...
msf exploit(sudoedit_bypass_priv_esc) > exploit

Time is precious, so I don’t want to do something manually that I can automate. Leveraging the Metasploit Framework when automating any task keeps us from having to re-create the wheel as we can use the existing libraries and focus our efforts where it matters.

– Jim O’Gorman | President, Offensive Security