CVE-2017-1000367

Published: 30 May 2017

Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.

Priority

High

CVSS 3 base score: 6.4

Status

Package Release Status
sudo
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus)
Released (1.8.16-0ubuntu1.4)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (1.8.9p5-1ubuntu1.4)