Linux Sudo ‘/src/ttyname.c’ Local Privilege Escalation Vulnerability (CVE-2017-1000367)

by CIRT Team

Description: When determining tty, Sudo does not correctly parse the contents of /proc/[pid]/ stat, local attackers may use this method to overwrite any file on the file system, bypassing expected permissions or getting the root shell.

Impact: Local attackers could exploit this issue to run arbitrary commands with root privileges. Sudo versions 1.8.6p7 through 1.8.20 are vulnerable.

Mitigation: Updates are available. Please see the references for more information.

Reference URL’s:

• http://www.securityfocus.com/bid/98745/info
• http://www.openwall.com/lists/oss-security/2017/05/30/16
• https://www.sudo.ws/alerts/linux_tty.html
• https://access.redhat.com/security/cve/cve-2017-1000367
• https://security-tracker.debian.org/tracker/CVE-2017-1000367
• https://www.suse.com/security/cve/CVE-2017-1000367/

CIRT Team

Recommended Posts

Active Exploitation of Critical F5 BIG – IP Vulnerability (CVE–2023-46747) Uncovered in Bangladesh

06 Nov 2024 - Security Advisories & Alerts

Emerging Threat_Stealer Malware (Lumma C2) Campaign with fake CAPTCHA pages

08 Oct 2024 - Security Advisories & Alerts

Detection of Fog Ransomware Footprint in Cyber Space of Bangladesh

12 Sep 2024 - Security Advisories & Alerts