Amazon AWS amazon-ssm-agent before 3.1.1208.0 creates a world-writable sudoers file, which allows local attackers to inject Sudo rules and escalate privileges to root. This occurs in certain situations involving a race condition.
References
Link | Resource |
---|---|
https://bugzilla.suse.com/show_bug.cgi?id=1196556 | Exploit Issue Tracking Third Party Advisory |
https://github.com/aws/amazon-ssm-agent/commit/0fe8ae99b2ff25649c7b86d3bc05fc037400aca7 | Patch Third Party Advisory |
https://github.com/aws/amazon-ssm-agent/releases/tag/3.1.1208.0 | Patch Release Notes Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-04-20T09:09:07
Updated: 2022-04-20T09:09:07
Reserved: 2022-04-20T00:00:00
Link: CVE-2022-29527
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-04-20T10:15:08.073
Modified: 2023-08-08T14:22:24.967
Link: CVE-2022-29527
JSON object: View
Redhat Information
No data.