CVE-2021-23239

Published: 12 January 2021

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.

Priority

CVSS 3 base score: 2.5

Status

Package	Release	Status
sudo Launchpad, Ubuntu, Debian	bionic	Released (1.8.21p2-3ubuntu1.4)
	focal	Released (1.8.31-1ubuntu1.2)
	groovy	Released (1.9.1-1ubuntu1.1)
	hirsute	Released (1.9.4p2-2ubuntu2)
	impish	Released (1.9.4p2-2ubuntu2)
	jammy	Released (1.9.4p2-2ubuntu2)
	kinetic	Released (1.9.4p2-2ubuntu2)
	precise	Ignored (end of ESM support, was needs-triage)
	trusty	Needs triage
	upstream	Needs triage
	xenial	Released (1.8.16-0ubuntu1.10)
	Patches: upstream: https://www.sudo.ws/repos/sudo/rev/ea19d0073c02

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Security

CVE-2021-23239

Low

Status

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading