What is CVE-2021-23239?

CVE-2021-23239 is a vulnerability in the sudoedit personality of Sudo before version 1.9.5 that may allow a local unprivileged user to perform arbitrary directory-existence tests.

How does CVE-2021-23239 affect Sudo?

CVE-2021-23239 affects Sudo versions before 1.9.5.

What is the severity of CVE-2021-23239?

CVE-2021-23239 has a severity level of Low with a score of 2.5.

Which software are affected by CVE-2021-23239?

Sudo versions before 1.9.5, Netapp Cloud Backup, Netapp Hci Management Node, Netapp Solidfire, Fedora 32, Fedora 33, Debian Linux 10.0 are affected by CVE-2021-23239.

How can the CVE-2021-23239 vulnerability be mitigated?

To mitigate the CVE-2021-23239 vulnerability, users should update their Sudo installations to version 1.9.5 or later.

Vulnerability/
CVE-2021-23239

low

2.5

CWE

59 362

12/1/2021

3/8/2024

CVE-2021-23239: Race Condition

First published: Tue Jan 12 2021(Updated: )

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Sudo Project Sudo	<1.8.32
Sudo Project Sudo	>=1.9.0<1.9.5
Netapp Cloud Backup
Netapp Hci Management Node
Netapp Solidfire
Fedoraproject Fedora	=32
Fedoraproject Fedora	=33
Debian Debian Linux	=10.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-23239?
CVE-2021-23239 is a vulnerability in the sudoedit personality of Sudo before version 1.9.5 that may allow a local unprivileged user to perform arbitrary directory-existence tests.
How does CVE-2021-23239 affect Sudo?
CVE-2021-23239 affects Sudo versions before 1.9.5.
What is the severity of CVE-2021-23239?
CVE-2021-23239 has a severity level of Low with a score of 2.5.
Which software are affected by CVE-2021-23239?
Sudo versions before 1.9.5, Netapp Cloud Backup, Netapp Hci Management Node, Netapp Solidfire, Fedora 32, Fedora 33, Debian Linux 10.0 are affected by CVE-2021-23239.
How can the CVE-2021-23239 vulnerability be mitigated?
To mitigate the CVE-2021-23239 vulnerability, users should update their Sudo installations to version 1.9.5 or later.

collector/nvd-index
agent/event
agent/severity
agent/weakness
agent/references
agent/author
agent/type
agent/description
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/sudo project
canonical/sudo project sudo
version/sudo project sudo/1.9.0
vendor/netapp
canonical/netapp cloud backup
canonical/netapp hci management node
canonical/netapp solidfire
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/32
version/fedoraproject fedora/33
vendor/debian
canonical/debian debian linux
version/debian debian linux/10.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.