CVE-2017-1000368 sudo: Privilege escalation via improper get_process_ttyname parsing

CVE ID

CVE-2017-1000368

DESCRIPTION

It was found that the original fix for CVE-2017-1000367 was incomplete. A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root.
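The parsing problem described above, shown from the defensive side as an added example (not sudo's or Unitrends' code). Per proc(5), field 2 (comm) of /proc/[pid]/stat is wrapped in parentheses and can itself contain spaces, newlines and ')', so tty_nr (field 7) has to be located relative to the last ')' of the whole file, not by splitting the first line on spaces. The function name parse_stat_tty_nr and the sample buffers are hypothetical and constructed for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Extract tty_nr (field 7) from the FULL contents of /proc/[pid]/stat.
 * Returns 0 and stores the value in *tty_nr, or -1 on malformed input. */
int parse_stat_tty_nr(const char *stat_buf, long *tty_nr)
{
    /* Everything after the LAST ')' is kernel-formatted; comm before it
     * is controlled by the process and must not be tokenized. */
    const char *p = strrchr(stat_buf, ')');
    if (p == NULL)
        return -1;
    p++;

    /* After ')' come: state(3) ppid(4) pgrp(5) session(6) tty_nr(7). */
    for (int field = 3; field < 7; field++) {
        if (*p != ' ')
            return -1;
        p++;
        size_t len = strcspn(p, " ");
        if (len == 0)
            return -1;
        p += len;
    }
    if (*p != ' ')
        return -1;
    p++;
    if (*p != '-' && !isdigit((unsigned char)*p))
        return -1;

    char *end;
    errno = 0;
    long v = strtol(p, &end, 10);
    if (errno == ERANGE || (*end != ' ' && *end != '\n' && *end != '\0'))
        return -1;
    *tty_nr = v;
    return 0;
}

int main(void)
{
    /* Constructed sample: comm contains spaces, ')' and a newline. */
    const char *sample = "1234 (a b) R 1\n2 3) S 1000 1234 1234 34816 1234 0\n";
    long tty = -1;
    int rc = parse_stat_tty_nr(sample, &tty);
    printf("rc=%d tty_nr=%ld\n", rc, tty);
    return rc == 0 ? 0 : 1;
}
```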

CVSS3 Base Score: 7.3
Related CVEs: CVE-2017-1000367

RESOLUTION

Fixed in the latest Unitrends security update, which includes:
   sudo-1.8.6p3-29.el6_9

LINK TO ADVISORIES
