INFSA-2024:0811: sudo security update
Information about definition
Identifier: INFSA-2024:0811
Type: security
Release date: 2025-03-05 17:45:54 UTC
Information about package
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
Vulnerabilities description
- CVE-2023-28486
A flaw was found in the sudo package, shipped with Red Hat Enterprise Linux 8 and 9, where sudo improperly escapes terminal control characters during logging operations. As sudo's log messages may contain user-controlled strings, this may allow an attacker to inject terminal control commands, leading to a leak of restricted information.
- CVE-2023-28487
A flaw was found in the sudo package, shipped with Red Hat Enterprise Linux 8 and 9, where the "sudoreplay -l" command improperly escapes terminal control characters. As sudo's log messages may contain user-controlled strings, this could allow an attacker to inject terminal control commands, leading to a leak of restricted information.
- CVE-2023-42465
A flaw was found in the sudo package. This issue could allow a local authenticated attacker to cause a bit to flip, enabling fault injection that may let the attacker authenticate as the root user.
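A defender-side check for the log-injection issue described under CVE-2023-28486 and CVE-2023-28487, added here as an example and not code from sudo or from this advisory: it flags log lines that carry terminal control characters and renders them in a visible form, so they can be reviewed without a terminal interpreting them. The sample log lines are constructed, and the function names and the `#ooo` octal notation are this example's own choices.

```python
import re

# C0 controls other than tab, plus DEL and the C1 range (which includes CSI, U+009B).
CONTROL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f-\x9f]")


def _decode(raw: bytes) -> str:
    # Invalid UTF-8 bytes become visible \xNN text instead of raising.
    return raw.rstrip(b"\r\n").decode("utf-8", errors="backslashreplace")


def render_safe(raw: bytes) -> str:
    """Decode one log line and show every control character as #ooo (octal)."""
    return CONTROL.sub(lambda m: "#%03o" % ord(m.group()), _decode(raw))


def find_suspect_lines(lines):
    """Return (line_number, safe_text) for each line containing control characters."""
    hits = []
    for number, raw in enumerate(lines, start=1):
        if CONTROL.search(_decode(raw)):
            hits.append((number, render_safe(raw)))
    return hits


# Constructed sample input, not taken from a real system.
SAMPLE_LOG = [
    b"Mar  5 17:45:54 host sudo:   alice : TTY=pts/0 ; PWD=/home/alice ; "
    b"USER=root ; COMMAND=/usr/bin/id\n",
    b"Mar  5 17:46:10 host sudo:   bob : TTY=pts/1 ; PWD=/tmp ; "
    b"USER=root ; COMMAND=/usr/bin/echo \x1b[31mred\x1b[0m\n",
    # Legitimate non-ASCII text must not be flagged.
    "Mar  5 17:47:02 host sudo:   carol : TTY=pts/2 ; PWD=/srv/donn\u00e9es ; "
    "USER=root ; COMMAND=/usr/bin/ls\n".encode("utf-8"),
]

if __name__ == "__main__":
    for number, safe in find_suspect_lines(SAMPLE_LOG):
        print(f"line {number}: {safe}")
```

Running the same check over archived sudo logs written before the update shows whether any stored entry already contains control sequences.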
Severity level
CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
---|---|---|---|
NIST — CVE-2023-28486 | no information | 5.3 | no information |
NIST — CVE-2023-28487 | no information | 5.3 | no information |
NIST — CVE-2023-42465 | no information | 7.0 | no information |
Updated packages