Linux Sudo ‘/src/ttyname.c’ Local Privilege Escalation Vulnerability (CVE-2017-1000367)
by CIRT Team
Description: When determining tty, Sudo does not correctly parse the contents of /proc/[pid]/ stat, local attackers may use this method to overwrite any file on the file system, bypassing expected permissions or getting the root shell.
Impact: Local attackers could exploit this issue to run arbitrary commands with root privileges. Sudo versions 1.8.6p7 through 1.8.20 are vulnerable.
Mitigation: Updates are available. Please see the references for more information.
26 Oct 2023 - Security Advisories & Alerts