OESA-2021-1002

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1002
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2021-1002.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2021-1002
Upstream
Published
2021-01-28T11:02:33Z
Modified
2025-08-12T05:07:30.008496Z
Summary
sudo security update
Details

A flaw was found in sudo. A heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is exploitable by any local user (normal users and system users, sudoers and non-sudoers), without authentication (i.e., the attacker does not need to know the user's password). Successful exploitation of this flaw could lead to privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3156)

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudoedit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. (CVE-2021-23239)

selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable. (CVE-2021-23240)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS / sudo

Package

Name
sudo
Purl
pkg:rpm/openEuler/sudo&distro=openEuler-20.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
1.9.2-3.oe1

Ecosystem specific

{
    "aarch64": [
        "sudo-1.9.2-2.oe1.aarch64.rpm",
        "sudo-debuginfo-1.9.2-2.oe1.aarch64.rpm",
        "sudo-debugsource-1.9.2-2.oe1.aarch64.rpm",
        "sudo-devel-1.9.2-2.oe1.aarch64.rpm",
        "sudo-help-1.9.2-2.oe1.noarch.rpm",
        "sudo-1.9.2-3.oe1.aarch64.rpm",
        "sudo-debuginfo-1.9.2-3.oe1.aarch64.rpm",
        "sudo-debugsource-1.9.2-3.oe1.aarch64.rpm",
        "sudo-devel-1.9.2-3.oe1.aarch64.rpm",
        "sudo-help-1.9.2-3.oe1.noarch.rpm"
    ],
    "src": [
        "sudo-1.9.2-2.oe1.src.rpm",
        "sudo-1.9.2-3.oe1.src.rpm"
    ],
    "x86_64": [
        "sudo-1.9.2-2.oe1.x86_64.rpm",
        "sudo-debuginfo-1.9.2-2.oe1.x86_64.rpm",
        "sudo-debugsource-1.9.2-2.oe1.x86_64.rpm",
        "sudo-devel-1.9.2-2.oe1.x86_64.rpm",
        "sudo-help-1.9.2-2.oe1.noarch.rpm",
        "sudo-1.9.2-3.oe1.x86_64.rpm",
        "sudo-debuginfo-1.9.2-3.oe1.x86_64.rpm",
        "sudo-debugsource-1.9.2-3.oe1.x86_64.rpm",
        "sudo-devel-1.9.2-3.oe1.x86_64.rpm",
        "sudo-help-1.9.2-3.oe1.noarch.rpm"
    ]
}

openEuler:20.03-LTS-SP1 / sudo

Package

Name
sudo
Purl
pkg:rpm/openEuler/sudo&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
1.9.2-3.oe1

Ecosystem specific

{
    "aarch64": [
        "sudo-1.9.2-3.oe1.aarch64.rpm",
        "sudo-debuginfo-1.9.2-3.oe1.aarch64.rpm",
        "sudo-debugsource-1.9.2-3.oe1.aarch64.rpm",
        "sudo-devel-1.9.2-3.oe1.aarch64.rpm",
        "sudo-help-1.9.2-3.oe1.noarch.rpm"
    ],
    "src": [
        "sudo-1.9.2-3.oe1.src.rpm"
    ],
    "x86_64": [
        "sudo-1.9.2-3.oe1.x86_64.rpm",
        "sudo-debuginfo-1.9.2-3.oe1.x86_64.rpm",
        "sudo-debugsource-1.9.2-3.oe1.x86_64.rpm",
        "sudo-devel-1.9.2-3.oe1.x86_64.rpm",
        "sudo-help-1.9.2-3.oe1.noarch.rpm"
    ]
}