Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2017-1000368

Опубликовано: 05 июн. 2017
Источник: debian
EPSS Низкий

Описание

Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
sudofixed1.8.20p1-1.1package
sudofixed1.8.19p1-2.1busterpackage
sudofixed1.8.19p1-2.1stretchpackage
sudofixed1.8.10p3-1+deb8u5jessiepackage

Примечания

  • https://www.openwall.com/lists/oss-security/2017/06/02/7

  • https://www.sudo.ws/repos/sudo/raw-rev/15a46f4007dd

EPSS

Процентиль: 38%
0.00166
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2017-1000368

CVSS3: 8.2
ubuntu
больше 8 лет назад

Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.

redhat логотип

CVE-2017-1000368

CVSS3: 7.3
redhat
больше 8 лет назад

Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.

nvd логотип

CVE-2017-1000368

CVSS3: 8.2
nvd
больше 8 лет назад

Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.

suse-cvrf логотип

openSUSE-SU-2017:1697-1

suse-cvrf
больше 8 лет назад

Security update for sudo

suse-cvrf логотип

SUSE-SU-2017:1778-1

suse-cvrf
больше 8 лет назад

Security update for sudo

EPSS

Процентиль: 38%
0.00166
Низкий