exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2017-1000367

Status Candidate

Overview

Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.

Related Files

Sudo get_process_ttyname() For Linux Stack Clash
Posted Jun 20, 2017
Site qualys.com

sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.

tags | exploit, info disclosure
advisories | CVE-2017-1000367
SHA-256 | ac65043996573ceeb614f1136d6a563af63993e3f685833845953860f65ca47f
Sudo get_process_ttyname() Race Condition
Posted Jun 2, 2017
Site qualys.com

Sudo's get_process_ttyname() on Linux suffers from a race condition that allows for root privilege escalation.

tags | exploit, root
systems | linux
advisories | CVE-2017-1000367
SHA-256 | fedac891bbdaf97f55757b635d5ae075843da48925d762d5149a49ade19918cd
Red Hat Security Advisory 2017-1382-01
Posted May 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1382-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root.

tags | advisory, local, root
systems | linux, redhat
advisories | CVE-2017-1000367
SHA-256 | 4bfed0c75e7c025ce32520f5663dbc0de3d0ef88afa1aaa16196eab5dab9b4aa
Red Hat Security Advisory 2017-1381-01
Posted May 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1381-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root.

tags | advisory, local, root
systems | linux, redhat
advisories | CVE-2017-1000367
SHA-256 | 72f511ffde80862ec8f67125ada6591bad83b2aaac109f5da2a4c4ccf814eed9
Ubuntu Security Notice USN-3304-1
Posted May 30, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3304-1 - It was discovered that Sudo did not properly parse the contents of /proc/[pid]/stat when attempting to determine its controlling tty. A local attacker in some configurations could possibly use this to overwrite any file on the filesystem, bypassing intended permissions.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2017-1000367
SHA-256 | bde0e222f88f678398a9f46fc30b62d5feca8f52856f50ad72c463b9643345fb
Debian Security Advisory 3867-1
Posted May 30, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3867-1 - The Qualys Security team discovered that sudo, a program designed to provide limited super user privileges to specific users, does not properly parse "/proc/[pid]/stat" to read the device number of the tty from field 7 (tty_nr). A sudoers user can take advantage of this flaw on an SELinux-enabled system to obtain full root privileges.

tags | advisory, root
systems | linux, debian
advisories | CVE-2017-1000367
SHA-256 | 923fef1347ec646736c7f71cf0bec169c3fbd5045ba1dcad1c306f7f9bab4e59
Gentoo Linux Security Advisory 201705-15
Posted May 30, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201705-15 - A vulnerability in sudo allows local users to gain root privileges. Versions less than 1.8.20_p1 are affected.

tags | advisory, local, root
systems | linux, gentoo
advisories | CVE-2017-1000367
SHA-256 | 50553170e4ac24d9b95a7682d1a6accf3564f42794383c1bb9d50b93ff735bfe
Page 1 of 1
Back1Next

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close