CVE-2023-22809 PoC — Sudo 安全漏洞

Source

https://github.com/hello4r1end/patch_CVE-2023-22809

Associated Vulnerability

Title:Sudo 安全漏洞 (CVE-2023-22809)
Description:In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.

Readme

# patch_CVE-2023-22809

Bash Script: sudo Installation

This Bash script automates the installation of the latest version of `sudo` on your system.

Prerequisites

- Linux-based operating system
- `wget` package installed (can be installed using the package manager)


Usage
1. Clone or download this repository to your local machine.
2. Navigate to the directory containing the script.
3. Open a terminal in the script's directory.
4. Make the script executable with the following command:
   ```bash
   chmod +x CVE-2023-22809Patch.sh
Run the script with elevated privileges:
bash
Copy code
sudo ./install_sudo.sh
The script will download the latest version of sudo from the specified URL and install it on your system. The URL can be modified to point to a different source if needed. Once the installation is complete, you can use sudo with the updated version.

File Snapshot


 [4.0K]  /data/pocs/c1b08f1dca25ac602b5229db98693ba2353c5bb2
├── [ 447]  CVE-2023-22809Patch.sh
└── [ 866]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!