CVE-2017-1000367

EPSS 8.0%

Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.

Affected products

n/a · n/a

public PoCs found — 7

githubgithub.com/c0d3z3r0/sudo-CVE-2017-1000367★ 113 githubgithub.com/pucerpocok/sudo_exploit★ 6 githubgithub.com/homjxi0e/CVE-2017-1000367★ 1 githubgithub.com/letsr00t/CVE-2017-1000367★ 0 cve_referencepacketstormsecurity.com/files/142783/Sudo-get_process_ttyname-Race-Condition.htmlunverified cve_referencewww.exploit-db.com/exploits/42183/unverified exploitdbwww.exploit-db.com/exploits/42183unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00077.html http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00078.html http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00079.html http://packetstormsecurity.com/files/142783/Sudo-get_process_ttyname-Race-Condition.html https://access.redhat.com/errata/RHSA-2017:1381 https://access.redhat.com/errata/RHSA-2017:1382 http://seclists.org/fulldisclosure/2017/Jun/3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEXC4NNIG2QOZY6N2YUK246KI3D3UQO/https://security.gentoo.org/glsa/201705-15 https://www.exploit-db.com/exploits/42183/https://www.sudo.ws/alerts/linux_tty.html http://www.debian.org/security/2017/dsa-3867