CVE-2021-23239
12.01.2021, 09:15
The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.
Vendor | Product | Version |
---|---|---|
sudo_project | sudo | 𝑥 < 1.8.32 |
sudo_project | sudo | 1.9.0 ≤ 𝑥 < 1.9.5 |
netapp | cloud_backup | - |
netapp | hci_management_node | - |
netapp | solidfire | - |
debian | debian_linux | 10.0 |
𝑥
= Vulnerable software versions

Debian Releases

Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
sudo |
|
References