Vulnerabilities > CVE-2023-42465 - Unspecified vulnerability in Sudo Project Sudo
Attack vector
LOCAL Attack complexity
HIGH Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.
Vulnerable Configurations
References
- https://www.sudo.ws/releases/changelog/
- https://www.openwall.com/lists/oss-security/2023/12/21/9
- https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f
- https://arxiv.org/abs/2309.02545
- https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_15
- https://security.gentoo.org/glsa/202401-29
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6XMRUJCPII4MPWG43HTYR76DGLEYEFZ/
- https://security.netapp.com/advisory/ntap-20240208-0002/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R4Q23NHCKCLFIHSNY6KJ27GM7FSCEVXM/