CVE-2017-1000367

Опубликовано: 05 июн. 2017

Источник: ubuntu

Приоритет: high

CVSS2: 6.9

CVSS3: 6.4

Описание

Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.

Релиз	Статус	Примечание
devel	released	1.8.20p2-1ubuntu1
esm-infra-legacy/trusty	released	1.8.9p5-1ubuntu1.4
esm-infra/xenial	released	1.8.16-0ubuntu1.4
precise/esm	not-affected	code not present
trusty	released	1.8.9p5-1ubuntu1.4
trusty/esm	released	1.8.9p5-1ubuntu1.4
upstream	needs-triage
vivid/stable-phone-overlay	ignored	end of life
vivid/ubuntu-core	released	1.8.9p5-1ubuntu5.1
xenial	released	1.8.16-0ubuntu1.4

Показывать по

Ссылки на источники

6.9 Medium

CVSS2

6.4 Medium

CVSS3

Связанные уязвимости

CVE-2017-1000367

CVSS3: 7.8

redhat

больше 8 лет назад

Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.

CVE-2017-1000367

CVSS3: 6.4

nvd

больше 8 лет назад

Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.

CVE-2017-1000367

CVSS3: 6.4

debian

больше 8 лет назад

Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an inpu ...

openSUSE-SU-2017:1455-1

suse-cvrf

больше 8 лет назад

Security update for sudo

SUSE-SU-2017:1450-1

suse-cvrf

больше 8 лет назад

Security update for sudo

6.9 Medium

CVSS2

6.4 Medium

CVSS3

CVE-2017-1000367

Описание

Пакет sudo

Ссылки на источники

Связанные уязвимости