CVE-2021-23240 - log

CVE-2021-23240 edited at 11 Jan 2021 17:19:10
References
https://www.openwall.com/lists/oss-security/2021/01/11/2
+ https://www.sudo.ws/alerts/sudoedit_selinux.html
https://www.sudo.ws/repos/sudo/rev/8fcb36ef422a
CVE-2021-23240 edited at 11 Jan 2021 14:30:35
References
https://www.openwall.com/lists/oss-security/2021/01/11/2
+ https://www.sudo.ws/repos/sudo/rev/8fcb36ef422a
CVE-2021-23240 edited at 11 Jan 2021 14:27:20
Severity
- Unknown
+ High
Remote
- Unknown
+ Local
Type
- Unknown
+ Arbitrary filesystem access
Description
+ A security issue was found in sudo before version 1.9.5. On a system with SELinux in permissive mode, an attacker could use sudoedit to change the ownership of arbitrary files by replacing a temporary file owned by an unprivileged user with a symlink to another file.
References
+ https://www.openwall.com/lists/oss-security/2021/01/11/2
Notes
+ Workaround
+ ==========
+
+ The issue is mitigated by the SELinux enforce mode or the kernel symbolic link protection (sysctl fs.protected_symlinks=1).
CVE-2021-23240 created at 11 Jan 2021 14:08:35