In the SUDO package used to organize commands on behalf of other users, identified vulnerability ( cve-2023-22809 ), which allows the local user to edit any file in the system, which, in turn, allows to achieve a ROOT rights through a change /etc /Shadow or system scripts. For the operation of vulnerability, it is required that the user be given the right to launch the Sudoedit or Sudo with a flag.
Vulnerability is caused by the absence of proper processing of symbols “-” when analyzing variables of the environment that determine the program caused to edit the file. In Sudo, the sequence “-” is used to separate the editor and arguments from the list of edited files. The attacker can add to the variables of the surroundings Sudo_editor, Visual or Editor Slove “- the file” after the path to the editor, which will lead to the initiation of the specified file with increased privileges without checking the user access rules to files.
Vulnerability manifests itself starting with a branch of 1.8.0 and eliminated