FreeBSD: VID-6193B3F6-548C-11EB-BA01-206A8A720317 (CVE-2021-23239): sudo -- Potential information leak in sudoedit
Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
From VID-6193B3F6-548C-11EB-BA01-206A8A720317:
Todd C. Miller reports:
A potential information leak in sudoedit that could be used to
test for the existence of directories not normally accessible to
the user in certain circumstances. When creating a new file,
sudoedit checks to make sure the parent directory of the new file
exists before running the editor. However, a race condition exists
if the invoking user can replace (or create) the parent directory.
If a symbolic link is created in place of the parent directory,
sudoedit will run the editor as long as the target of the link
exists.If the target of the link does not exist, an error message
will be displayed. The race condition can be used to test for the
existence of an arbitrary directory. However, it _cannot_ be used
to write to an arbitrary location.
Solution(s)
- freebsd-upgrade-package-sudo
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center