6.4 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.002 Low
EPSS
Percentile
58.0%
Severity: Medium
Date : 2017-05-30
CVE-ID : CVE-2017-1000367
Package : sudo
Type : access restriction bypass
Remote : No
Link : https://security.archlinux.org/AVG-282
The package sudo before version 1.8.20.p1-1 is vulnerable to access
restriction bypass.
Upgrade to 1.8.20.p1-1.
The problem has been fixed upstream in version 1.8.20.p1.
None.
On Linux systems, sudo parses the /proc/[pid]/stat file to determine
the device number of the process’s tty (field 7). The fields in the
file are space-delimited, but it is possible for the command name
(field 2) to include spaces, which sudo does not account for. A user
with sudo privileges can cause sudo to use a device number of the
user’s choosing by creating a symbolic link from the sudo binary to a
name that contains a space, followed by a number.
This may allow a user to be able to bypass the “tty_ticket”
constraints. In order for this to succeed there must exist on the
machine a terminal device that the user has previously authenticated
themselves on via sudo within the last time stamp timeout (5 minutes by
default).
A local attacker is able to extend the lifetime of a previously
authenticated ticket beyond the “tty_ticket” timeout constraints.
https://www.sudo.ws/alerts/linux_tty.html
http://www.openwall.com/lists/oss-security/2017/05/30/16
https://www.sudo.ws/repos/sudo/raw-rev/b5460cbbb11b
https://security.archlinux.org/CVE-2017-1000367
6.4 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.002 Low
EPSS
Percentile
58.0%