#VU83026 Input validation error in sudo-rs - CVE-2023-42456

Cybersecurity Help s.r.o.

Published: 2023-11-13

Vulnerability identifier: #VU83026

Vulnerability risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-42456

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
sudo-rs
Universal components / Libraries / Libraries used by multiple products

Vendor: Prossimo

Description

The vulnerability allows a remote user to delete arbitrary files on the system.

The vulnerability exists due to insufficient validation certain characters, such as dot (".") and slash ("/") in the username. An attacker with ability tun run the "sudo -k" command can remove arbitrary files on the system given that the attacker has full control over the username on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

sudo-rs: 0.1.0-dev.20230620 - 0.2.0

External links
https://github.com/memorysafety/sudo-rs/commit/bfdbda22968e3de43fa8246cab1681cfd5d5493d
https://github.com/memorysafety/sudo-rs/security/advisories/GHSA-2r3c-m6v7-9354
https://www.openwall.com/lists/oss-security/2023/11/02/1
https://ferrous-systems.com/blog/sudo-rs-audit/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Slackware Linux update for sudo

Privilege escalation in Sudo-rs