CVE-2017-1000367
Published: 30 May 2017
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation flaw (embedded spaces) in the get_process_ttyname() function, resulting in information disclosure and command execution.
Priority
CVSS 3 base score: 6.4
Notes
| Author | Note |
|---|---|
| sbeattie | code to parse /proc/pid/stat and walk /dev is not present in precise |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000367
- http://www.openwall.com/lists/oss-security/2017/05/30/16
- https://www.sudo.ws/alerts/linux_tty.html
- https://ubuntu.com/security/notices/USN-3304-1
- NVD
- Launchpad
- Debian