In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a – argument that defeats a protection mechanism, e.g., an EDITOR=vim – /path/to/extra/file value.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Sudo | Sudo_project | 1.8.0 (including) | 1.9.12 (excluding) |
Sudo | Sudo_project | 1.9.12 (including) | 1.9.12 (including) |
Sudo | Sudo_project | 1.9.12-p1 (including) | 1.9.12-p1 (including) |