CVSSv3: 8.2

CVE-2017-1000368

Published: 05/06/2017 Updated: 29/05/2019
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 8.2 | Impact Score: 6 | Exploitability Score: 1.5
VMScore: 642
Vector (CVSS v2): AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Todd Miller's sudo version 1.8.20p1 and previous versions are vulnerable to an input validation flaw (embedded newlines) in the get_process_ttyname() function, resulting in information disclosure and command execution.

Vulnerable Products

sudo project sudo 1.8.20

sudo project sudo

Vendor Advisories

Synopsis: Moderate: sudo security update. Type/Severity: Security Advisory: Moderate. Topic: An update for sudo is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a securit ...
Debian Bug report logs - #863897 sudo: CVE-2017-1000368: Arbitrary terminal access due to issue in parsing /proc/[pid]/stat when process name contains newline. Package: src:sudo; Maintainer for src:sudo is Bdale Garbee <bdale@gag.com>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 1 Jun 2017 18:45:0 ...
Sudo could be made to overwrite files if it received a specially crafted input ...
Several security issues were fixed in Sudo ...
It was found that the original fix for CVE-2017-1000367 was incomplete. A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root (CVE-2017-1000368) ...
When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295. This can be used by a user with sufficient sudo privileges to run commands as root even if the Runas specification explicitly disallows root acc ...

Github Repositories

Search for known vulnerabilities in software using software titles or a CPE 2.3 string

search_vulns: Search for known vulnerabilities in software using software titles or a CPE 2.3 string. About: search_vulns can be used to search for known vulnerabilities in software. To achieve this, the tool utilizes a locally built vulnerability database, currently containing CVE information from the National Vulnerability Database (NVD) and exploit information from the Exploit

Script to check an installed packages list against the ubuntu-cve-tracker

Active CVE Check: Checks a list of packages against the "active" (not yet patched) CVEs as listed in the Ubuntu CVE Tracker. CVE information is fetched from the cve.circl.lu API. How to use: Get the Ubuntu CVE Tracker repository (this will need to be updated periodically): bzr branch lp:ubuntu-cve-tracker. Grab a list of installed packages from your Ubuntu host: apt