Linux Sudo ‘/src/ttyname.c’ Local Privilege Escalation Vulnerability (CVE-2017-1000367)

Description: When determining tty, Sudo does not correctly parse the contents of /proc/[pid]/ stat, local attackers may use this method to overwrite any file on the file system, bypassing expected permissions or getting the root shell.

Impact: Local attackers could exploit this issue to run arbitrary commands with root privileges. Sudo versions 1.8.6p7 through 1.8.20 are vulnerable.

Mitigation: Updates are available. Please see the references for more information.

Reference URL’s: