ALT-PU-2017-1674-1
Closed vulnerabilities
Published: 2017-05-30
BDU:2017-01283
A vulnerability in the get_process_ttyname function of the Sudo system administration program may allow an attacker to escalate privileges to superuser level and execute arbitrary code
References:
Published: 2017-06-05
Modified: 2024-11-21
CVE-2017-1000367
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.
Severity: MEDIUM (6.4)
Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
References:
- SUSE-SU-2017:1446
- SUSE-SU-2017:1450
- openSUSE-SU-2017:1455
- http://packetstormsecurity.com/files/142783/Sudo-get_process_ttyname-Race-Condition.html
- 20170602 Qualys Security Advisory - CVE-2017-1000367 in Sudo's get_process_ttyname() for Linux
- DSA-3867
- [oss-security] 20170530 Qualys Security Advisory - CVE-2017-1000367 in Sudo's get_process_ttyname() for Linux
- [oss-security] 20221222 Re: [Linux] /proc/pid/stat parsing bugs
- [oss-security] 20221222 Re: [Linux] /proc/pid/stat parsing bugs
- 98745
- 1038582
- USN-3304-1
- RHSA-2017:1381
- RHSA-2017:1382
- FEDORA-2017-54580efa82
- GLSA-201705-15
- 42183
- https://www.sudo.ws/alerts/linux_tty.html