CVE-2017-1000367

Опубликовано: 05 июн. 2017

Источник: debian

Описание

Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
sudo	fixed	1.8.20p1-1		package
sudo	fixed	1.8.19p1-2	buster	package
sudo	fixed	1.8.19p1-2	stretch	package

Примечания

https://www.sudo.ws/alerts/linux_tty.html
https://www.openwall.com/lists/oss-security/2017/05/30/16
https://www.sudo.ws/repos/sudo/raw-rev/b5460cbbb11b

Связанные уязвимости

CVE-2017-1000367

CVSS3: 6.4

ubuntu

больше 8 лет назад

Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.

CVE-2017-1000367

CVSS3: 7.8

redhat

больше 8 лет назад

Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.

CVE-2017-1000367

CVSS3: 6.4

nvd

больше 8 лет назад

Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.

openSUSE-SU-2017:1455-1

suse-cvrf

больше 8 лет назад

Security update for sudo

SUSE-SU-2017:1450-1

suse-cvrf

больше 8 лет назад

Security update for sudo