All errata/p8/ALT-PU-2017-1687-1
ALT-PU-2017-1687-1

Package update sudo in branch p8

Version1.8.20p2-alt1.M80P.1
Task#183763
Published2017-06-03
Max severityHIGH
Severity:

Closed issues (2)

BDU:2017-01424
HIGH7.2

Уязвимость функции get_process_ttyname программы системного администрирования Sudo, позволяющая нарушителю выполнить произвольную команду и получить доступ к информации

Published: 2017-06-23Modified: 2021-03-23
CVSS 2.0HIGH 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C
References
CVE-2017-1000368
HIGH8.2

Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.

Published: 2017-06-05Modified: 2025-04-20
CVSS 2.0HIGH 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS 3.xHIGH 8.2
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
References