selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
13 Sep 2021, 19:48
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | (MLIST) https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E - Mailing List, Third Party Advisory |
29 Jun 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2021-01-12 09:15
Updated : 2024-02-04 21:23
NVD link : CVE-2021-23240
Mitre link : CVE-2021-23240
CVE.ORG link : CVE-2021-23240
JSON object : View
Products Affected
netapp
- solidfire
- hci_management_node
sudo_project
- sudo
fedoraproject
- fedora
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')