4723 matches found
The vulnerability of the get_process_ttyname function in the system administration software Sudo may allow attackers to elevate their privileges to superuser status and execute arbitrary code.
The vulnerability of the get_process_ttyname function in the Sudo system administration program is related to insufficient input data validation. The vulnerability is exploited by creating a symbolic link to the executable file of Sudo, with the file name formatted in a specific way a space followe...
CVE-2017-1000367
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution...
Oracle Linux 5 : sudo (ELSA-2017-1381)
The remote Oracle Linux 5 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2017-1381 advisory. 1.7.2p1-29.0.1 - Fix CVE-2017-1000367 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus h...
Fedora 25 : sudo (2017-54580efa82)
update to 1.8.20p2 - added sudo package to dnf/yum protected packages ---- - update to 1.8.20p1 - fixes CVE-2017-1000367 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean...
[SECURITY] Fedora 25 Update: sudo-1.8.20p2-1.fc25
Sudo (superuser do) allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...
Fedora Update for sudo FEDORA-2017-54580efa82
The remote host is missing an update for the...
Sudo get_process_ttyname() Race Condition Vulnerability
Sudo's get_process_ttyname() on Linux suffers from a race condition that allows for root privilege escalation. Qualys Security Advisory: CVE-2017-1000367 in Sudo's get_process_ttyname() for Linux. Contents...
Sudo get_process_ttyname() Race Condition
Qualys Security Advisory: CVE-2017-1000367 in Sudo's get_process_ttyname() for Linux. Contents: Analysis, Exploitation, Example, Acknowledgments...
RHEL 5 : sudo (RHSA-2017:1381)
The remote Red Hat Enterprise Linux 5 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2017:1381 advisory. The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged...
Exploit for Race Condition in Sudo_Project Sudo
PoC exploit for CVE-2017-1000367, a vulnerability in the Linux sudo command. The target is the Linux operating system, specifically the sudo command. The vulnerability class is a privilege escalation vulnerability, allowing an attacker to gain root privileges. The probable entry point is the...
CentOS 6 / 7 : sudo (CESA-2017:1382)
An update for sudo is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available f...
CentOS Update for sudo CESA-2017:1382 centos7
Check the version of sudo ... script_oid("1.3.6.1.4.1.25623.1.0.882727");...
CentOS Update for sudo CESA-2017:1382 centos6
Check the version of sudo ... script_oid("1.3.6.1.4.1.25623.1.0.882729");...
openSUSE: Security Advisory for sudo (openSUSE-SU-2017:1455-1)
The remote host is missing an update for the...
High-Severity Linux Sudo Flaw Allows Users to Gain Root Privileges
A high-severity vulnerability has been reported in Linux that could be exploited by a low privilege attacker to gain full root access on an affected system. The vulnerability, identified as CVE-2017-1000367, was discovered by researchers at Qualys Security in Sudo's "get_process_ttyname" function f...
sudo security update
CentOS Errata and Security Advisory CESA-2017:1382. An update for sudo is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, whi...
Patches Available for Linux Sudo Vulnerability
Red Hat, Debian and other Linux distributions yesterday pushed out patches for a high-severity vulnerability in sudo that could be abused by a local attacker to gain root privileges. Sudo is a program for Linux and UNIX systems that allows standard users to run specific commands as a superuser,...
Security update for sudo (important)
This update for sudo fixes the following issues: CVE-2017-1000367: - Due to incorrect assumptions in /proc/pid/stat parsing, a local attacker can pretend that his tty is any file on the filesystem, thus gaining arbitrary file write access on SELinux-enabled systems. bsc1039361 - Fix FQDN for...
CVE-2017-1000367 in Sudo's get_process_ttyname() for Linux
Contents: Analysis, Exploitation, Example, Acknowledgments. Analysis...
RedHat Update for sudo RHSA-2017:1382-01
The remote host is missing an update for the...