Synology-SA-23:02 Sudo
Publish Time: 2023-03-30 16:17:07 UTC+8
Last Updated: 2023-03-30 16:17:07 UTC+8
- Severity
- Low
- Status
- Ongoing
Abstract
A vulnerability allows local users to conduct privilege escalation attacks via a susceptible version of Synology DiskStation Manager (DSM) and Synology Router Manager (SRM).
Affected Products
| Product | Severity | Fixed Release Availability |
|---|---|---|
| DSM 7.1 | Low | Ongoing |
| DSM 7.0 | Low | Ongoing |
| DSM 6.2 | Low | Ongoing |
| DSMUC 3.1 | Low | Ongoing |
| SRM 1.3 | Low | Ongoing |
| SRM 1.2 | Not affected | N/A |
| VS Firmware 3.0 | Low | Ongoing |
Mitigation
None
Detail
- CVE-2023-22809
- Severity: Low
- CVSS3 Base Score: 6.7
- CVSS3 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
Reference
Revision
| Revision | Date | Description |
|---|---|---|
| 1 | 2023-03-30 | Initial public release. |