Exploit the possiblities
Showing 1 - 7 of 7 RSS Feed

CVE-2017-1000367

Status Candidate

Overview

Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.

Related Files

Sudo get_process_ttyname() For Linux Stack Clash
Posted Jun 20, 2017
Site qualys.com

sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.

tags | exploit, info disclosure
advisories | CVE-2017-1000367
MD5 | 83e7a0c6f72cf203c3bcde494776603c
Sudo get_process_ttyname() Race Condition
Posted Jun 2, 2017
Site qualys.com

Sudo's get_process_ttyname() on Linux suffers from a race condition that allows for root privilege escalation.

tags | exploit, root
systems | linux
advisories | CVE-2017-1000367
MD5 | 5eda82fe13ce7a497c72ac993b7334e1
Red Hat Security Advisory 2017-1382-01
Posted May 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1382-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root.

tags | advisory, local, root
systems | linux, redhat
advisories | CVE-2017-1000367
MD5 | 6dbf0fc27ca09e1dd7ae21daf0265614
Red Hat Security Advisory 2017-1381-01
Posted May 30, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1381-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root.

tags | advisory, local, root
systems | linux, redhat
advisories | CVE-2017-1000367
MD5 | fe603b76cbd6e5dbdaf3b6098d19c8d5
Ubuntu Security Notice USN-3304-1
Posted May 30, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3304-1 - It was discovered that Sudo did not properly parse the contents of /proc/[pid]/stat when attempting to determine its controlling tty. A local attacker in some configurations could possibly use this to overwrite any file on the filesystem, bypassing intended permissions.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2017-1000367
MD5 | c64617cb61ac5cfaf80a0f5198674a73
Debian Security Advisory 3867-1
Posted May 30, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3867-1 - The Qualys Security team discovered that sudo, a program designed to provide limited super user privileges to specific users, does not properly parse "/proc/[pid]/stat" to read the device number of the tty from field 7 (tty_nr). A sudoers user can take advantage of this flaw on an SELinux-enabled system to obtain full root privileges.

tags | advisory, root
systems | linux, debian
advisories | CVE-2017-1000367
MD5 | 11c5b86698e660269acf2d0a6591dfa5
Gentoo Linux Security Advisory 201705-15
Posted May 30, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201705-15 - A vulnerability in sudo allows local users to gain root privileges. Versions less than 1.8.20_p1 are affected.

tags | advisory, local, root
systems | linux, gentoo
advisories | CVE-2017-1000367
MD5 | 50dbb311c107f01cd173cbf1c479dcf4
Page 1 of 1
Back1Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close