Linux Sudo ‘/src/ttyname.c’ Local Privilege Escalation Vulnerability (CVE-2017-1000367)
Description: When determining tty, Sudo does not correctly parse the contents of /proc/[pid]/ stat, local attackers may use this method to overwrite any file on the file system, bypassing expected permissions or getting the root shell.
Impact: Local attackers could exploit this issue to run arbitrary commands with root privileges. Sudo versions 1.8.6p7 through 1.8.20 are vulnerable.
Mitigation: Updates are available. Please see the references for more information.
Press release April 2023: Situational Security Alerts from CIRT
21 Apr 2023 - Articles, English articles, News, Notice, Security Advisories & Alerts
Security Best Practices
29 Mar 2023 - Security Advisories & Alerts