4723 matches found
The vulnerability of the get_process_ttyname function in the Sudo system administration program allows a malicious actor to execute arbitrary commands and gain access to sensitive information.
The vulnerability of the get_process_ttyname function in the Sudo system administration program exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely and gain access to sensitive information...
CentOS 6 / 7 : sudo (CESA-2017:1574)
An update for sudo is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score,...
sudo security update
CentOS Errata and Security Advisory CESA-2017:1574. An update for sudo is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A...
sudo: Privilege escalation via improper get_process_ttyname() parsing (insufficient fix for CVE-2017-1000367)
It was found that the original fix for CVE-2017-1000367 was incomplete. A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root...
Moderate: Red Hat Security Advisory: sudo security update
An update for sudo is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score,...
PHSA-2017-0021
An update of zlib, bindutils, ruby, krb5, sudo packages for PhotonOS has been released...
SUSE SLES12 Security Update : sudo (SUSE-SU-2017:1627-1)
This update for sudo fixes the following issues: - CVE-2017-1000368: A follow-up fix to CVE-2017-1000367, the Linux process name could also contain a newline, which could be used to trick sudo to read/write to an arbitrary open terminal. (bsc#1042146) Also the following non-security bug was fixed:...
SUSE SLED12 / SLES12 Security Update : sudo (SUSE-SU-2017:1626-1)
This update for sudo fixes the following security issue: - CVE-2017-1000368: A follow-up fix to CVE-2017-1000367, the Linux process name could also contain a newline, which could be used to trick sudo to read/write to an arbitrary open terminal. (bsc#1042146) Also the following non-security bug was...
EMC Isilon OneFS Privilege Escalation Vulnerability
EMC Isilon OneFS is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system.
SUSE-SU-2017:1626-1 Security update for sudo
This update for sudo fixes the following security issue: - CVE-2017-1000368: A follow-up fix to CVE-2017-1000367, the Linux process name could also contain a newline, which could be used to trick sudo to read/write to an arbitrary open terminal. (bsc#1042146) Also the following non-security bug was...
SUSE-SU-2017:1627-1 Security update for sudo
This update for sudo fixes the following issues: - CVE-2017-1000368: A follow-up fix to CVE-2017-1000367, the Linux process name could also contain a newline, which could be used to trick sudo to read/write to an arbitrary open terminal. (bsc#1042146) Also the following non-security bug was fixed: -...
Stack Clash Vulnerability in Linux, BSD Systems Enables Root Access
Linux, BSD, Solaris and other open source systems are vulnerable to a local privilege escalation vulnerability known as Stack Clash that allows an attacker to execute code at root. Major Linux and open source distributors have made patches available today, and systems running Linux, OpenBSD,...
Sudo - get_process_ttyname() Privilege Escalation Vulnerability
Exploit for linux platform in category local exploits / E-DB Note: http://www.openwall.com/lists/oss-security/2017/05/30/16 E-DB Note: http://seclists.org/oss-sec/2017/q2/470 Linux_sudo_CVE-2017-1000367.c Copyright (C) 2017 Qualys, Inc. This program is free software: you can redistribute it and/or...
Schneider Electric U.motion Builder Local Elevation of Privilege Vulnerability
U.motion Builder is a builder product from Schneider Electric France. A local elevation of privilege vulnerability exists in Schneider Electric U.motion Builder. The network management account is set to function as sudo without a password. An attacker can exploit the vulnerability to execute...
Sudo 1.8.20 - get_process_ttyname() Local Privilege Escalation
Sudo 1.8.20 - get_process_ttyname() Local Privilege Escalation / E-DB Note: http://www.openwall.com/lists/oss-security/2017/05/30/16 E-DB Note: http://seclists.org/oss-sec/2017/q2/470 Linux_sudo_CVE-2017-1000367.c Copyright (C) 2017 Qualys, Inc. This program is free software: you can redistribute it and/...
Sudo 1.8.20 - 'get_process_ttyname()' Local Privilege Escalation
E-DB Note: http://www.openwall.com/lists/oss-security/2017/05/30/16 E-DB Note: http://seclists.org/oss-sec/2017/q2/470 Linux_sudo_CVE-2017-1000367.c Copyright (C) 2017 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public...
sudo vulnerability CVE-2017-1000367
F5 Product Development has evaluated the currently supported releases for potential vulnerability. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the...
(0Day) Schneider Electric U.motion Builder Local Privilege Escalation Vulnerability
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Schneider Electric U.motion Builder. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the system configuration. The web administration account is s...
USN-3304-1: Sudo vulnerability | Cloud Foundry
Severity: High. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 14.04. Description: It was discovered that Sudo did not properly parse the contents of /proc/[pid]/stat when attempting to determine its controlling tty. A local attacker in some configurations could possibly use this to overwri...
[SECURITY] Fedora 26 Update: sudo-1.8.20p2-1.fc26
Sudo (superuser do) allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...