{
  "document": {
    "aggregate_severity": {
      "text": "High"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/ubuntu16.04els/vex/2023/cve-2023-7090-els_os-ubuntu16_04els.json"
      }
    ],
    "tracking": {
      "current_release_date": "2026-06-14T12:34:42Z",
      "generator": {
        "date": "2026-06-14T12:34:42Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CVE-2023-7090-ELS_OS-UBUNTU16.04ELS",
      "initial_release_date": "2023-12-23T23:15:00Z",
      "revision_history": [
        {
          "date": "2023-12-23T23:15:00Z",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-11-29T17:57:07Z",
          "number": "2",
          "summary": "Official Publication"
        },
        {
          "date": "2025-12-23T22:15:38Z",
          "number": "3",
          "summary": "Update document"
        },
        {
          "date": "2026-06-13T14:58:53Z",
          "number": "4",
          "summary": "Update document"
        },
        {
          "date": "2026-06-14T12:34:42Z",
          "number": "5",
          "summary": "Update document"
        }
      ],
      "status": "final",
      "version": "5"
    },
    "title": "Security update on CVE-2023-7090"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Ubuntu 16.04",
                "product": {
                  "name": "Ubuntu 16.04",
                  "product_id": "Ubuntu-16",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Ubuntu"
          }
        ],
        "category": "vendor",
        "name": "Canonical Ltd."
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "sudo-0:1.8.16-0ubuntu1.11+tuxcare.els2.amd64",
                "product": {
                  "name": "sudo-0:1.8.16-0ubuntu1.11+tuxcare.els2.amd64",
                  "product_id": "sudo-0:1.8.16-0ubuntu1.11+tuxcare.els2.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/cloudlinux/sudo@1.8.16-0ubuntu1.11%2Btuxcare.els2?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "sudo-0:1.8.16-0ubuntu1.11.amd64",
                "product": {
                  "name": "sudo-0:1.8.16-0ubuntu1.11.amd64",
                  "product_id": "sudo-0:1.8.16-0ubuntu1.11.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/cloudlinux/sudo@1.8.16-0ubuntu1.11?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "sudo-0:1.8.16-0ubuntu1.11+tuxcare.els3.amd64",
                "product": {
                  "name": "sudo-0:1.8.16-0ubuntu1.11+tuxcare.els3.amd64",
                  "product_id": "sudo-0:1.8.16-0ubuntu1.11+tuxcare.els3.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/cloudlinux/sudo@1.8.16-0ubuntu1.11%2Btuxcare.els3?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "sudo-0:1.8.16-0ubuntu1.11+tuxcare.els1.amd64",
                "product": {
                  "name": "sudo-0:1.8.16-0ubuntu1.11+tuxcare.els1.amd64",
                  "product_id": "sudo-0:1.8.16-0ubuntu1.11+tuxcare.els1.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/cloudlinux/sudo@1.8.16-0ubuntu1.11%2Btuxcare.els1?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "sudo-ldap-0:1.8.16-0ubuntu1.11+tuxcare.els2.amd64",
                "product": {
                  "name": "sudo-ldap-0:1.8.16-0ubuntu1.11+tuxcare.els2.amd64",
                  "product_id": "sudo-ldap-0:1.8.16-0ubuntu1.11+tuxcare.els2.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/cloudlinux/sudo-ldap@1.8.16-0ubuntu1.11%2Btuxcare.els2?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "sudo-ldap-0:1.8.16-0ubuntu1.11+tuxcare.els3.amd64",
                "product": {
                  "name": "sudo-ldap-0:1.8.16-0ubuntu1.11+tuxcare.els3.amd64",
                  "product_id": "sudo-ldap-0:1.8.16-0ubuntu1.11+tuxcare.els3.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/cloudlinux/sudo-ldap@1.8.16-0ubuntu1.11%2Btuxcare.els3?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "sudo-ldap-0:1.8.16-0ubuntu1.11+tuxcare.els1.amd64",
                "product": {
                  "name": "sudo-ldap-0:1.8.16-0ubuntu1.11+tuxcare.els1.amd64",
                  "product_id": "sudo-ldap-0:1.8.16-0ubuntu1.11+tuxcare.els1.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/cloudlinux/sudo-ldap@1.8.16-0ubuntu1.11%2Btuxcare.els1?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "sudo-ldap-0:1.8.16-0ubuntu1.11.amd64",
                "product": {
                  "name": "sudo-ldap-0:1.8.16-0ubuntu1.11.amd64",
                  "product_id": "sudo-ldap-0:1.8.16-0ubuntu1.11.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/cloudlinux/sudo-ldap@1.8.16-0ubuntu1.11?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "sudo-0:1.8.16-0ubuntu1.11+tuxcare.els4.amd64",
                "product": {
                  "name": "sudo-0:1.8.16-0ubuntu1.11+tuxcare.els4.amd64",
                  "product_id": "sudo-0:1.8.16-0ubuntu1.11+tuxcare.els4.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/cloudlinux/sudo@1.8.16-0ubuntu1.11%2Btuxcare.els4?arch=amd64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "sudo-ldap-0:1.8.16-0ubuntu1.11+tuxcare.els4.amd64",
                "product": {
                  "name": "sudo-ldap-0:1.8.16-0ubuntu1.11+tuxcare.els4.amd64",
                  "product_id": "sudo-ldap-0:1.8.16-0ubuntu1.11+tuxcare.els4.amd64",
                  "product_identification_helper": {
                    "purl": "pkg:deb/cloudlinux/sudo-ldap@1.8.16-0ubuntu1.11%2Btuxcare.els4?arch=amd64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "CloudLinux"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-0:1.8.16-0ubuntu1.11+tuxcare.els2.amd64 as a component of Ubuntu 16.04",
          "product_id": "Ubuntu-16:sudo-0:1.8.16-0ubuntu1.11+tuxcare.els2.amd64"
        },
        "product_reference": "sudo-0:1.8.16-0ubuntu1.11+tuxcare.els2.amd64",
        "relates_to_product_reference": "Ubuntu-16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-0:1.8.16-0ubuntu1.11.amd64 as a component of Ubuntu 16.04",
          "product_id": "Ubuntu-16:sudo-0:1.8.16-0ubuntu1.11.amd64"
        },
        "product_reference": "sudo-0:1.8.16-0ubuntu1.11.amd64",
        "relates_to_product_reference": "Ubuntu-16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-0:1.8.16-0ubuntu1.11+tuxcare.els3.amd64 as a component of Ubuntu 16.04",
          "product_id": "Ubuntu-16:sudo-0:1.8.16-0ubuntu1.11+tuxcare.els3.amd64"
        },
        "product_reference": "sudo-0:1.8.16-0ubuntu1.11+tuxcare.els3.amd64",
        "relates_to_product_reference": "Ubuntu-16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-0:1.8.16-0ubuntu1.11+tuxcare.els1.amd64 as a component of Ubuntu 16.04",
          "product_id": "Ubuntu-16:sudo-0:1.8.16-0ubuntu1.11+tuxcare.els1.amd64"
        },
        "product_reference": "sudo-0:1.8.16-0ubuntu1.11+tuxcare.els1.amd64",
        "relates_to_product_reference": "Ubuntu-16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-ldap-0:1.8.16-0ubuntu1.11+tuxcare.els2.amd64 as a component of Ubuntu 16.04",
          "product_id": "Ubuntu-16:sudo-ldap-0:1.8.16-0ubuntu1.11+tuxcare.els2.amd64"
        },
        "product_reference": "sudo-ldap-0:1.8.16-0ubuntu1.11+tuxcare.els2.amd64",
        "relates_to_product_reference": "Ubuntu-16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-ldap-0:1.8.16-0ubuntu1.11+tuxcare.els3.amd64 as a component of Ubuntu 16.04",
          "product_id": "Ubuntu-16:sudo-ldap-0:1.8.16-0ubuntu1.11+tuxcare.els3.amd64"
        },
        "product_reference": "sudo-ldap-0:1.8.16-0ubuntu1.11+tuxcare.els3.amd64",
        "relates_to_product_reference": "Ubuntu-16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-ldap-0:1.8.16-0ubuntu1.11+tuxcare.els1.amd64 as a component of Ubuntu 16.04",
          "product_id": "Ubuntu-16:sudo-ldap-0:1.8.16-0ubuntu1.11+tuxcare.els1.amd64"
        },
        "product_reference": "sudo-ldap-0:1.8.16-0ubuntu1.11+tuxcare.els1.amd64",
        "relates_to_product_reference": "Ubuntu-16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-ldap-0:1.8.16-0ubuntu1.11.amd64 as a component of Ubuntu 16.04",
          "product_id": "Ubuntu-16:sudo-ldap-0:1.8.16-0ubuntu1.11.amd64"
        },
        "product_reference": "sudo-ldap-0:1.8.16-0ubuntu1.11.amd64",
        "relates_to_product_reference": "Ubuntu-16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-0:1.8.16-0ubuntu1.11+tuxcare.els4.amd64 as a component of Ubuntu 16.04",
          "product_id": "Ubuntu-16:sudo-0:1.8.16-0ubuntu1.11+tuxcare.els4.amd64"
        },
        "product_reference": "sudo-0:1.8.16-0ubuntu1.11+tuxcare.els4.amd64",
        "relates_to_product_reference": "Ubuntu-16"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-ldap-0:1.8.16-0ubuntu1.11+tuxcare.els4.amd64 as a component of Ubuntu 16.04",
          "product_id": "Ubuntu-16:sudo-ldap-0:1.8.16-0ubuntu1.11+tuxcare.els4.amd64"
        },
        "product_reference": "sudo-ldap-0:1.8.16-0ubuntu1.11+tuxcare.els4.amd64",
        "relates_to_product_reference": "Ubuntu-16"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-7090",
      "cwe": {
        "id": "CWE-269",
        "name": "Improper Privilege Management"
      },
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. This leads to a privilege mismanagement vulnerability in applications, in which client hosts retain privileges even after those privileges have been retracted.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        },
        {
          "category": "other",
          "text": "TuxCare has assessed that this vulnerability does not impact any currently supported TuxCare products. This evaluation may change as new information becomes available. For additional details regarding this vulnerability and affected products, refer to the provided references.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "Ubuntu-16:sudo-0:1.8.16-0ubuntu1.11+tuxcare.els1.amd64",
          "Ubuntu-16:sudo-0:1.8.16-0ubuntu1.11+tuxcare.els2.amd64",
          "Ubuntu-16:sudo-0:1.8.16-0ubuntu1.11+tuxcare.els3.amd64",
          "Ubuntu-16:sudo-0:1.8.16-0ubuntu1.11+tuxcare.els4.amd64",
          "Ubuntu-16:sudo-0:1.8.16-0ubuntu1.11.amd64",
          "Ubuntu-16:sudo-ldap-0:1.8.16-0ubuntu1.11+tuxcare.els1.amd64",
          "Ubuntu-16:sudo-ldap-0:1.8.16-0ubuntu1.11+tuxcare.els2.amd64",
          "Ubuntu-16:sudo-ldap-0:1.8.16-0ubuntu1.11+tuxcare.els3.amd64",
          "Ubuntu-16:sudo-ldap-0:1.8.16-0ubuntu1.11+tuxcare.els4.amd64",
          "Ubuntu-16:sudo-ldap-0:1.8.16-0ubuntu1.11.amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2023-7090"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/cve/CVE-2023-7090",
          "url": "https://access.redhat.com/security/cve/CVE-2023-7090"
        },
        {
          "category": "external",
          "summary": "https://bugzilla.redhat.com/show_bug.cgi?id=2255723",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255723"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html",
          "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html"
        },
        {
          "category": "external",
          "summary": "https://security.netapp.com/advisory/ntap-20240208-0001/",
          "url": "https://security.netapp.com/advisory/ntap-20240208-0001/"
        },
        {
          "category": "external",
          "summary": "https://www.sudo.ws/releases/legacy/#1.8.28",
          "url": "https://www.sudo.ws/releases/legacy/#1.8.28"
        }
      ],
      "release_date": "2023-12-23T23:15:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Ubuntu-16:sudo-0:1.8.16-0ubuntu1.11+tuxcare.els1.amd64",
            "Ubuntu-16:sudo-0:1.8.16-0ubuntu1.11+tuxcare.els2.amd64",
            "Ubuntu-16:sudo-0:1.8.16-0ubuntu1.11+tuxcare.els3.amd64",
            "Ubuntu-16:sudo-0:1.8.16-0ubuntu1.11+tuxcare.els4.amd64",
            "Ubuntu-16:sudo-0:1.8.16-0ubuntu1.11.amd64",
            "Ubuntu-16:sudo-ldap-0:1.8.16-0ubuntu1.11+tuxcare.els1.amd64",
            "Ubuntu-16:sudo-ldap-0:1.8.16-0ubuntu1.11+tuxcare.els2.amd64",
            "Ubuntu-16:sudo-ldap-0:1.8.16-0ubuntu1.11+tuxcare.els3.amd64",
            "Ubuntu-16:sudo-ldap-0:1.8.16-0ubuntu1.11+tuxcare.els4.amd64",
            "Ubuntu-16:sudo-ldap-0:1.8.16-0ubuntu1.11.amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        },
        {
          "category": "impact",
          "date": "2026-06-12T12:58:28.890625Z",
          "details": "CVE-2023-7090 only applies when sudo rules are sourced from SSSD/FreeIPA and matched against host-based entries while an explicit ipa_hostname override is set in /etc/sssd/sssd.conf; local file-based sudo policy does not use this code path. In this environment SSSD’s sudo integration is not enabled and ipa_hostname is not configured (sudo authorization is via /etc/sudoers), so the vulnerable logic is not reachable and the CVE is not applicable. This assessment holds only for that configuration; a host that sources sudo rules from SSSD/FreeIPA with ipa_hostname set falls outside it and needs to be assessed separately.",
          "product_ids": [
            "Ubuntu-16:sudo-0:1.8.16-0ubuntu1.11+tuxcare.els1.amd64",
            "Ubuntu-16:sudo-0:1.8.16-0ubuntu1.11+tuxcare.els2.amd64",
            "Ubuntu-16:sudo-0:1.8.16-0ubuntu1.11+tuxcare.els3.amd64",
            "Ubuntu-16:sudo-0:1.8.16-0ubuntu1.11+tuxcare.els4.amd64",
            "Ubuntu-16:sudo-0:1.8.16-0ubuntu1.11.amd64",
            "Ubuntu-16:sudo-ldap-0:1.8.16-0ubuntu1.11+tuxcare.els1.amd64",
            "Ubuntu-16:sudo-ldap-0:1.8.16-0ubuntu1.11+tuxcare.els2.amd64",
            "Ubuntu-16:sudo-ldap-0:1.8.16-0ubuntu1.11+tuxcare.els3.amd64",
            "Ubuntu-16:sudo-ldap-0:1.8.16-0ubuntu1.11+tuxcare.els4.amd64",
            "Ubuntu-16:sudo-ldap-0:1.8.16-0ubuntu1.11.amd64"
          ]
        }
      ]
    }
  ]
}