Rapid7 Vulnerability & Exploit Database

FreeBSD: VID-6193B3F6-548C-11EB-BA01-206A8A720317 (CVE-2021-23239): sudo -- Potential information leak in sudoedit

Back to Search

FreeBSD: VID-6193B3F6-548C-11EB-BA01-206A8A720317 (CVE-2021-23239): sudo -- Potential information leak in sudoedit

Severity
2
CVSS
(AV:L/AC:M/Au:N/C:P/I:N/A:N)
Published
01/11/2021
Created
01/15/2021
Added
01/12/2021
Modified
03/08/2021

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From VID-6193B3F6-548C-11EB-BA01-206A8A720317:

Todd C. Miller reports:

A potential information leak in sudoedit that could be used to

test for the existence of directories not normally accessible to

the user in certain circumstances. When creating a new file,

sudoedit checks to make sure the parent directory of the new file

exists before running the editor. However, a race condition exists

if the invoking user can replace (or create) the parent directory.

If a symbolic link is created in place of the parent directory,

sudoedit will run the editor as long as the target of the link

exists.If the target of the link does not exist, an error message

will be displayed. The race condition can be used to test for the

existence of an arbitrary directory. However, it _cannot_ be used

to write to an arbitrary location.

Solution(s)

  • freebsd-upgrade-package-sudo

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;