CVE-2023-42465
Published: 22 December 2023
Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.
Notes
| Author | Note |
|---|---|
| rodrigo-zaiden | part of the code in the fix commit, in plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/sudo_auth.c and plugins/sudoers/auth/sudo_auth.h is not built with Ubuntu as it is using PAM support. for the other part, the code fixed in plugins/sudoers/lookup.c was added in version 1.9.15. hence not affecting any Ubuntu releases, and for plugins/sudoers/match.c, part was added in 1.8.21, that if considered just by itself, it doesn't worth patching. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
sudo Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not compiled)
|
| focal |
Not vulnerable
(code not compiled)
|
|
| jammy |
Not vulnerable
(code not compiled)
|
|
| lunar |
Not vulnerable
(code not compiled)
|
|
| mantic |
Not vulnerable
(code not compiled)
|
|
| trusty |
Not vulnerable
(code not compiled)
|
|
| upstream |
Released
(1.9.15p2-2)
|
|
| xenial |
Not vulnerable
(code not compiled)
|
|
|
Patches: upstream: https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f |
||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.0 |
| Attack vector | Local |
| Attack complexity | High |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |