CVE-2023-42465
First published: Thu Dec 21 2023(Updated: )
From <a href="https://www.openwall.com/lists/oss-security/2023/12/21/9">https://www.openwall.com/lists/oss-security/2023/12/21/9</a> a new CVE has been reserved against the sudo package. ''' Our recent paper<<a href="https://arxiv.org/pdf/2309.02545.pdf">https://arxiv.org/pdf/2309.02545.pdf</a>> [AsiaCCS'24] describes a potential vulnerability where stack/register variables can be flipped via fault injection, affecting execution flow in security-sensitive code. There are mitigation strategies you may be interested in incorporating into your code: Take this vulnerable code, for example: int auth = 0; //password check code that sets auth variable if(auth != 0) return AUTH_SUCCESS; else return AUTH_FAILURE; The idea is that any bit can be flipped in auth, and it will result in a mis-authentication. We prove this is a potential vulnerability in OpenSSH, OpenSSL, MySQL, and SUDO. To mitigate this, it is important to have tight logic such that a single-bit flip will not result in unintended execution. For example: int auth = 0xbe405d1a; // password check code that sets auth variable to 0x23ab9701 is successful If(auth == 0x23ab9701) return AUTH_SUCCESS; else return AUTH_FAILURE; In this case, the auth variable must be corrupted into the exact authentication pattern, which is fairly improbable. We issued <a href="https://access.redhat.com/security/cve/CVE-2023-42465">CVE-2023-42465</a> for SUDO for this vulnerability. Here is the patch implemented in v1.9.15. <a href="https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f">https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f</a> Paper link: <a href="https://arxiv.org/abs/2309.02545">https://arxiv.org/abs/2309.02545</a> Caner Tol ___________________________ Worcester Polytechnic Institute <a href="https://vernamlab.org">https://vernamlab.org</a><<a href="https://vernamlab.org/">https://vernamlab.org/</a>> '''
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sudo Project Sudo | <1.9.15 | |
| redhat/sudo | <1.9.15 | 1.9.15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.openwall.com/lists/oss-security/2023/12/21/9
- https://arxiv.org/pdf/2309.02545.pdf
- https://access.redhat.com/security/cve/CVE-2023-42465
- https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f
- https://arxiv.org/abs/2309.02545
- https://vernamlab.org
- https://vernamlab.org/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2255569
- https://access.redhat.com/errata/RHSA-2024:0811
- https://bugzilla.redhat.com/show_bug.cgi?id=2255568
- https://www.sudo.ws/releases/changelog/
- https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_15
- https://security.gentoo.org/glsa/202401-29
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6XMRUJCPII4MPWG43HTYR76DGLEYEFZ/
- https://security.netapp.com/advisory/ntap-20240208-0002/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R4Q23NHCKCLFIHSNY6KJ27GM7FSCEVXM/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/275681
- https://www.ibm.com/support/pages/node/7144861 (Advisory)
- agent/type
- agent/event
- agent/remedy
- agent/author
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-42465
- agent/software-canonical-lookup
- agent/severity
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/tags
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/ibm-support
- source/IBM
- package-manager/redhat
- vendor/sudo project
- canonical/sudo project sudo