
4723 matches found

Tenable Nessus
added 2017/07/10 12:0 a.m., 23 views

EulerOS 2.0 SP2 : sudo (EulerOS-SA-2017-1121)

According to the version of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that the original fix for CVE-2017-1000367 was incomplete. A flaw was found in the way sudo parsed tty information from the process statu...

8.2 CVSS, 7.4 AI score, 0.08018 EPSS
Exploits: 8, References: 2

Tenable Nessus
added 2017/07/07 12:0 a.m., 37 views

Amazon Linux AMI : sudo (ALAS-2017-855)

It was found that the original fix for CVE-2017-1000367 was incomplete. A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root...

8.2 CVSS, 7.3 AI score, 0.08018 EPSS
Exploits: 8, References: 2

Amazon
added 2017/07/06 12:0 a.m., 41 views

Medium: sudo

Issue Overview: It was found that the original fix for CVE-2017-1000367 was incomplete. A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their...

8.2 CVSS, 7.8 AI score, 0.08018 EPSS
Exploits: 8, References: 1

Tenable Nessus
added 2017/07/05 12:0 a.m., 23 views

Debian DLA-1011-1 : sudo security update

Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname function resulting in information disclosure and command execution. The previous announcement DLA-970-1 was about a similar security issue CVE-2017-1000367 which wasn't...

8.2 CVSS, 7.4 AI score, 0.08018 EPSS
Exploits: 8, References: 3

Tenable Nessus
added 2017/07/05 12:0 a.m., 28 views

SUSE SLES12 Security Update : sudo (SUSE-SU-2017:1778-1)

This update for sudo fixes the following issues : - A regression in the fix for the CVE-2017-1000368 that broke sudo with the 'requiretty' flag bsc1045986 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempt...

8.2 CVSS, 7.4 AI score, 0.00573 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2017/07/05 12:0 a.m., 43 views

SUSE SLED12 / SLES12 Security Update : sudo (SUSE-SU-2017:1771-1)

This update for sudo fixes the following issues : - A regression in the fix for the CVE-2017-1000368 that broke sudo with the 'requiretty' flag bsc1045986 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempt...

8.2 CVSS, 7.4 AI score, 0.00573 EPSS
Exploits: 0, References: 4

OSV
added 2017/07/04 2:36 p.m., 7 views

SUSE-SU-2017:1778-1 Security update for sudo

This update for sudo fixes the following issues: - A regression in the fix for the CVE-2017-1000368 that broke sudo with the 'requiretty' flag bsc1045986...

8.2 CVSS, 8.1 AI score, 0.00573 EPSS
Exploits: 0, References: 3

OSV
added 2017/07/04 2:15 p.m., 4 views

SUSE-SU-2017:1771-1 Security update for sudo

This update for sudo fixes the following issues: - A regression in the fix for the CVE-2017-1000368 that broke sudo with the 'requiretty' flag bsc1045986...

8.2 CVSS, 8.1 AI score, 0.00573 EPSS
Exploits: 0, References: 3

Debian
added 2017/07/03 3:30 p.m., 23 views

[SECURITY] [DLA 1011-1] sudo security update

Package: sudo; Version: 1.8.5p2-1+nmu3+deb7u4; CVE ID: CVE-2017-1000368; Debian Bug: 863897. Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname function resulting in information disclosure and command execution. The...

8.2 CVSS, 7.1 AI score, 0.08018 EPSS
Exploits: 8

Tenable Nessus
added 2017/06/30 12:0 a.m., 38 views

openSUSE Security Update : sudo (openSUSE-2017-744)

This update for sudo fixes the following security issue : - CVE-2017-1000368: A follow-up fix to CVE-2017-1000367, the Linux process name could also contain a newline, which could be used to trick sudo to read/write to an arbitrary open terminal. bsc1042146 Also the following non security bug was...

8.2 CVSS, 7.5 AI score, 0.08018 EPSS
Exploits: 8, References: 4

OPENSUSE Linux
added 2017/06/27 12:9 a.m., 56 views

Security update for sudo (important)

This update for sudo fixes the following security issue: - CVE-2017-1000368: A follow-up fix to CVE-2017-1000367, the Linux process name could also contain a newline, which could be used to trick sudo to read/write to an arbitrary open terminal. bsc1042146 Also the following non security bug was...

7.2 CVSS, 1.8 AI score, 0.08018 EPSS
Exploits: 8, References: 2

OpenVAS
added 2017/06/27 12:0 a.m., 16 views

openSUSE: Security Advisory for sudo (openSUSE-SU-2017:1697-1)

The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.2 CVSS, 7.3 AI score, 0.08018 EPSS
Exploits: 8, References: 1

Tenable Nessus
added 2017/06/26 12:0 a.m., 33 views

Scientific Linux Security Update : sudo on SL6.x, SL7.x i386/x86_64 (20170623)

Security Fixes : - It was found that the original fix for CVE-2017-1000367 was incomplete. A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their...

8.2 CVSS, 7.2 AI score, 0.08018 EPSS
Exploits: 8, References: 3

Tenable Nessus
added 2017/06/26 12:0 a.m., 35 views

OracleVM 3.3 / 3.4 : sudo (OVMSA-2017-0114)

The remote OracleVM system is missing necessary patches to address critical security updates : - Fixes CVE-2017-1000368 Resolves: rhbz1459408 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The package checks in this plugin were extracted from OracleVM Security Advisory OVMSA-2017-0114...

8.2 CVSS, 7.5 AI score, 0.00573 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2017/06/23 12:0 a.m., 79 views

RHEL 6 / 7 : sudo (RHSA-2017:1574)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:1574 advisory. The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged...

8.2 CVSS, 7.4 AI score, 0.08018 EPSS
Exploits: 8, References: 6

OpenVAS
added 2017/06/23 12:0 a.m., 24 views

RedHat Update for sudo RHSA-2017:1574-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.2 CVSS, 7.3 AI score, 0.08018 EPSS
Exploits: 8, References: 2

OpenVAS
added 2017/06/23 12:0 a.m., 19 views

CentOS Update for sudo CESA-2017:1574 centos7

Check the version of sudo SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882743";...

8.2 CVSS, 7.2 AI score, 0.08018 EPSS
Exploits: 8, References: 2

OpenVAS
added 2017/06/23 12:0 a.m., 27 views

CentOS Update for sudo CESA-2016:2872 centos7

Check the version of sudo SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882742";...

7.8 CVSS, 6.9 AI score, 0.00497 EPSS
Exploits: 0, References: 2

OpenVAS
added 2017/06/23 12:0 a.m., 24 views

CentOS Update for sudo CESA-2017:1574 centos6

Check the version of sudo SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882741";...

8.2 CVSS, 7.2 AI score, 0.08018 EPSS
Exploits: 8, References: 2

BDU FSTEC
added 2017/06/23 12:0 a.m., 4 views

The vulnerability of the get_process_ttyname function in the Sudo system administration program allows a malicious actor to execute arbitrary commands and gain access to sensitive information.

The vulnerability of the get_process_ttyname function in the Sudo system administration program exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely and gain access to sensitive information...

7.2 CVSS, 7.5 AI score, 0.00573 EPSS
Exploits: 0, References: 3, Affected Software: 1