EulerOS 2.0 SP2 : sudo (EulerOS-SA-2017-1107)

According to the version of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute...

Fedora 24 : sudo (2017-facd994774)

update to 1.8.20p2 - added sudo package to dnf/yum protected packages ---- - update to 1.8.20p1 - fixes CVE-2017-1000367 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean...

EulerOS 2.0 SP1 : sudo (EulerOS-SA-2017-1106)

According to the version of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute...

[SECURITY] Fedora 24 Update: sudo-1.8.20p2-1.fc24

Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...

Fedora Update for sudo FEDORA-2017-facd994774

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux AMI : sudo (ALAS-2017-843)

A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root. CVE-2017-1000367 C Tenable Network Security, Inc. The descriptive text a...

CVE-2017-1000368

It was found that the original fix for CVE-2017-1000367 was incomplete. A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root...

Important: sudo

Issue Overview: A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root. CVE-2017-1000367 Affected Packages: sudo Issue Correctio...

CVE-2017-1000368

Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation embedded newlines in the getprocessttyname function resulting in information disclosure and command execution...

ALPINE-CVE-2017-1000368

Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation embedded newlines in the getprocessttyname function resulting in information disclosure and command execution...

DEBIAN-CVE-2017-1000368

Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation embedded newlines in the getprocessttyname function resulting in information disclosure and command execution...

CVE-2017-1000368

Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation embedded newlines in the getprocessttyname function resulting in information disclosure and command execution...

CVE-2017-1000368

CVE-2017-1000368 affects Todd Miller’s sudo prior to 1.8.20p1 and earlier, due to input validation in get_process_ttyname() that parses /proc data. This can enable information disclosure and command execution via a local user with sudo privileges. Connected advisories show multiple distributions ...

CVE-2017-1000368

Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation embedded newlines in the getprocessttyname function resulting in information disclosure and command execution...

CVE-2017-1000367

Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation embedded spaces in the getprocessttyname function resulting in information disclosure and command execution...

Design/Logic Flaw

Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation embedded spaces in the getprocessttyname function resulting in information disclosure and command execution...

DEBIAN-CVE-2017-1000367

Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation embedded spaces in the getprocessttyname function resulting in information disclosure and command execution...

CVE-2017-1000368

Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation embedded newlines in the getprocessttyname function resulting in information disclosure and command execution...

UBUNTU-CVE-2017-1000368

Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation embedded newlines in the getprocessttyname function resulting in information disclosure and command execution...

The vulnerability of the get_process_ttyname function in the system administration software Sudo may allow attackers to elevate their privileges to superuser status and execute arbitrary code.

The vulnerability of the getprocessttyname function in the Sudo system administration program is related to insufficient input data validation. The vulnerability is exploited by creating a symbolic link to the executable file of Sudo, with the file name formatted in a specific way a space followe...