CVE-2023-22809 PoC — Sudo 安全漏洞

Source

https://github.com/Chan9Yan9/CVE-2023-22809

Associated Vulnerability

Title:Sudo 安全漏洞 (CVE-2023-22809)
Description:In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.

Description

Analysis & Exploit

Readme

# CVE-2023-22809
Analysis &amp; Exploit

# 基本情况
漏洞编号：CVE-2023-22809

漏洞等级：高危

漏洞评分：7.8分

影响版本：sudo 1.8.0-sudo 1.9.12p1(sudo>=1.8.0 or sudo <=1.9.12p1)

攻击效果：本地提权

# 攻击手法
修改/etc/passwd中root为用户名，见exp_passwd.sh

修改/etc/sudoers规定用户X可以无密码执行任何操作，见exp_sudoers.sh

File Snapshot


 [4.0K]  /data/pocs/601e4082ea4e41d60013fa3ecd0f0df58b7fd608
├── [3.4K]  Analysis.md
├── [1.1K]  exp_passwd.sh
├── [1.1K]  exp_sudoers.sh
├── [4.0K]  picture
│   ├── [ 77K]  10.png
│   ├── [ 68K]  11.png
│   ├── [200K]  12.png
│   ├── [212K]  13.png
│   ├── [ 34K]  1.png
│   ├── [131K]  2.png
│   ├── [ 90K]  3.png
│   ├── [ 98K]  4.png
│   ├── [146K]  5.png
│   ├── [ 74K]  6.png
│   ├── [ 14K]  7.png
│   ├── [180K]  8.png
│   └── [ 43K]  9.png
└── [ 392]  README.md

1 directory, 17 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!