Debian DLA-970-1 : sudo security update
The Qualys Security team discovered that sudo, a program designed to provide limited super user privileges to specific users, does not properly parse '/proc/pid/stat' to read the device number of the tty from field 7 (tty_nr). A sudoers user can take advantage of this flaw on an SELinux-enabled syst...
Sudo Input Validation Vulnerability
Sudo is a program developed by software developer Todd C. Miller for use on Unix-like operating systems that allows users to execute commands in a secure manner with special privileges. An input validation vulnerability exists in the 'get_process_ttyname' function in Sudo 1.8.20 and earlier version...
SUSE SLED12 / SLES12 Security Update : sudo (SUSE-SU-2017:1450-1)
This update for sudo fixes the following issues: CVE-2017-1000367: Due to incorrect assumptions in /proc/pid/stat parsing, a local attacker can pretend that his tty is any file on the filesystem, thus gaining arbitrary file write access on SELinux-enabled systems. (bsc#1039361) - Fix FQDN for...
Debian DSA-3867-1 : sudo - security update
The Qualys Security team discovered that sudo, a program designed to provide limited super user privileges to specific users, does not properly parse '/proc/pid/stat' to read the device number of the tty from field 7 (tty_nr). A sudoers user can take advantage of this flaw on an SELinux-enabled syst...
Ubuntu 14.04 LTS / 16.04 LTS : Sudo vulnerability (USN-3304-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3304-1 advisory. It was discovered that Sudo did not properly parse the contents of /proc/pid/stat when attempting to determine its controlling tty. A local attacker i...
Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : sudo (SSA:2017-150-01)
New sudo packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue...
Scientific Linux Security Update : sudo on SL6.x, SL7.x i386/x86_64 (20170530)
Security Fixes: A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root. (CVE-2017-1000367)...
Security fix for the ALT Linux 8 package sudo version 1:1.8.20p1-alt1
May 31, 2017 Evgeny Sinelnikov 1:1.8.20p1-alt1 - Update to spring security release Fixes: CVE-2017-1000367...
Ubuntu: Security Advisory (USN-3304-1)
The remote host is missing an update for the...
Oracle Linux 6 / 7 : sudo (ELSA-2017-1382)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2017-1382 advisory. 1.8.6p3-28 - Fixes CVE-2017-1000367 Resolves: rhbz#1455399 Tenable has extracted the preceding description block directly from the Oracle Linux security...
openSUSE Security Update : sudo (openSUSE-2017-636)
This update for sudo fixes the following issues: CVE-2017-1000367: Due to incorrect assumptions in /proc/pid/stat parsing, a local attacker can pretend that his tty is any file on the filesystem, thus gaining arbitrary file write access on SELinux-enabled systems. (bsc#1039361) - Fix FQDN for...
RHEL 6 / 7 : sudo (RHSA-2017:1382)
An update for sudo is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available f...
SUSE SLED12 / SLES12 Security Update : sudo (SUSE-SU-2017:1446-1)
This update for sudo fixes the following issues: CVE-2017-1000367: Due to incorrect assumptions in /proc/pid/stat parsing, a local attacker can pretend that his tty is any file on the filesystem, thus gaining arbitrary file write access on SELinux-enabled systems. (bsc#1039361) - Fix FQDN for...
GLSA-201705-15 : sudo: Privilege escalation
The remote host is affected by the vulnerability described in GLSA-201705-15 (sudo: Privilege escalation). Qualys discovered a vulnerability in sudo's get_process_ttyname() for Linux, that via sudo_ttyname_scan() can be directed to use a user-controlled, arbitrary tty device during its traversal of /dev by...
[SECURITY] [DLA 970-1] sudo security update
Package : sudo Version : 1.8.5p2-1+nmu3+deb7u3 CVE ID : CVE-2017-1000367 Debian Bug : 863731 The Qualys Security team discovered that sudo, a program designed to provide limited super user privileges to specific users, does not properly parse "/proc/pid/stat" to read the device number of the tty...
Important: Red Hat Security Advisory: sudo security update
An update for sudo is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available f...
[slackware-security] sudo
New sudo packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/sudo-1.8.20p1-i586-1slack14.2.txz: Upgraded. This update fixes a potential overwrite of arbitrary syste...
sudo: Privilege escalation via improper get_process_ttyname() parsing
A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root...
Important: Red Hat Security Advisory: sudo security update
An update for sudo is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
USN-3304-1 sudo vulnerability
It was discovered that Sudo did not properly parse the contents of /proc/pid/stat when attempting to determine its controlling tty. A local attacker in some configurations could possibly use this to overwrite any file on the filesystem, bypassing intended permissions...