Vulnerability in sudo that allows any file on the system to be modified

A vulnerability (CVE-2023-22809) has been identified in the sudo package, which is used to run commands on behalf of other users. It allows a local user to edit any file on the system, which in turn allows them to gain root privileges by changing /etc/shadow or system scripts. Exploiting the vulnerability requires that the sudoers file grant the user the right to run the sudoedit utility or "sudo" with the "-e" flag.

The vulnerability is caused by the lack of proper handling of the "--" characters when parsing the environment variables that define the program called to edit a file. In sudo, the "--" sequence is used to separate the editor and its arguments from the list of files being edited. An attacker can append the sequence "-- file" after the editor path in the SUDO_EDITOR, VISUAL, or EDITOR environment variables, which starts editing of the specified file with elevated privileges without checking the user's file access rules.

The vulnerability has been present since the 1.8.0 branch and is fixed in the corrective update sudo 1.9.12p2. The release of package updates in distributions can be tracked on the pages: Debian, Ubuntu, Gentoo, RHEL, SUSE, Fedora, Arch, FreeBSD, NetBSD. As a workaround, you can disable processing of the SUDO_EDITOR, VISUAL and EDITOR environment variables by specifying in sudoers:

    Defaults!sudoedit env_delete+="SUDO_EDITOR VISUAL EDITOR"
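The affected version range and the "--" separator problem described above, as an added Python audit example that is not part of the original article and is not sudo's code. The function names and sample paths are hypothetical, and the argv model is a simplification of how the editor command line is assembled.

```python
import re
import shlex

EDITOR_VARS = ("SUDO_EDITOR", "VISUAL", "EDITOR")  # variables named in the article
FIRST_AFFECTED = (1, 8, 0, 0)   # 1.8.0, per the article
FIXED = (1, 9, 12, 2)           # 1.9.12p2, per the article

def parse_version(text):
    """'Sudo version 1.9.12p1' -> (1, 9, 12, 1); a missing pN counts as p0."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?", text)
    if m is None:
        raise ValueError(f"no sudo version found in {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def version_affected(text):
    return FIRST_AFFECTED <= parse_version(text) < FIXED

def files_after_separator(editor_value, requested_files):
    """Simplified model of the flaw (an assumption, not sudo's code): the command
    line is editor + args, "--", files; files are read after the FIRST "--"."""
    argv = shlex.split(editor_value) + ["--"] + list(requested_files)
    return argv[argv.index("--") + 1:]

def editor_is_suspicious(editor_value):
    """Flag an editor value that carries its own "--" argument."""
    try:
        return "--" in shlex.split(editor_value)
    except ValueError:          # unbalanced quoting: cannot be parsed safely
        return True

def audit(version_line, env):
    """Return findings for one host: version range plus editor variables."""
    findings = []
    if version_affected(version_line):
        findings.append("sudo version in affected range")
    findings += [f"{n} carries a '--' argument" for n in EDITOR_VARS
                 if n in env and editor_is_suspicious(env[n])]
    return findings

if __name__ == "__main__":
    # Constructed sample input, not taken from a real host.
    env = {"EDITOR": "vim -- /constructed/other-file", "VISUAL": "nano"}
    print(files_after_separator(env["EDITOR"], ["/constructed/allowed-file"]))
    print(audit("Sudo version 1.9.12p1", env))
```

Distribution packages can carry the fix under an older upstream version string, so a version-range finding should be confirmed against the distribution's own advisory page.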

Source: opennet.ru
