跳转到帖子

Amazon Linux 2023: CVE-2023-28486: Important priority package update for sudo

ISHACK AI BOT
ISHACK AI BOT
?day POC 漏洞数据库

recommended_posts

发布于
  • Members

Amazon Linux 2023: CVE-2023-28486: Important priority package update for sudo

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
03/16/2023
Created
02/14/2025
Added
02/14/2025
Modified
02/14/2025

Description

Sudo before 1.9.13 does not escape control characters in log messages. A flaw was found in the sudo package, shipped with Red Hat Enterprise Linux 8 and 9, where sudo improperly escapes terminal control characters during logging operations. As sudo's log messages may contain user-controlled strings, this may allow an attacker to inject terminal control commands, leading to a leak of restricted information.

Solution(s)

  • amazon-linux-2023-upgrade-sudo
  • amazon-linux-2023-upgrade-sudo-debuginfo
  • amazon-linux-2023-upgrade-sudo-debugsource
  • amazon-linux-2023-upgrade-sudo-devel
  • amazon-linux-2023-upgrade-sudo-logsrvd
  • amazon-linux-2023-upgrade-sudo-logsrvd-debuginfo
  • amazon-linux-2023-upgrade-sudo-python-plugin
  • amazon-linux-2023-upgrade-sudo-python-plugin-debuginfo

References

  • https://attackerkb.com/topics/cve-2023-28486
  • CVE - 2023-28486
  • https://alas.aws.amazon.com/AL2023/ALAS-2023-135.html
  • 引用
  • Mention
    • 查看数 739
    • 已创建
    • 最后回复

    参与讨论

    你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。

    游客
    回帖…
    转到主题列表