Lucene search
DebianDEBIAN:DSA-3867-1:ACD1FHistoryMay 30, 2017 - 3:37 p.m.
[SECURITY] [DSA 3867-1] sudo security update
2017-05-3015:37:59
lists.debian.org
12
0.002 Low
EPSS
Percentile
58.7%
Debian Security Advisory DSA-3867-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
May 30, 2017 https://www.debian.org/security/faq
Package : sudo
CVE ID : CVE-2017-1000367
Debian Bug : 863731
The Qualys Security team discovered that sudo, a program designed to
provide limited super user privileges to specific users, does not
properly parse "/proc/[pid]/stat" to read the device number of the tty
from field 7 (tty_nr). A sudoers user can take advantage of this flaw on
an SELinux-enabled system to obtain full root privileges.
For the stable distribution (jessie), this problem has been fixed in
version 1.8.10p3-1+deb8u4.
We recommend that you upgrade your sudo packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: [email protected]
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 10 | armhf | sudo-ldap | < 1.8.19p1-2 | sudo-ldap_1.8.19p1-2_armhf.deb |
| Debian | 10 | s390x | sudo-ldap | < 1.8.19p1-2 | sudo-ldap_1.8.19p1-2_s390x.deb |
| Debian | 10 | arm64 | sudo-ldap | < 1.8.19p1-2 | sudo-ldap_1.8.19p1-2_arm64.deb |
| Debian | 7 | i386 | sudo | < 1.8.5p2-1+nmu3+deb7u3 | sudo_1.8.5p2-1+nmu3+deb7u3_i386.deb |
| Debian | 7 | all | sudo | < 1.8.5p2-1+nmu3+deb7u3 | sudo_1.8.5p2-1+nmu3+deb7u3_all.deb |
| Debian | 8 | amd64 | sudo | < 1.8.10p3-1+deb8u4 | sudo_1.8.10p3-1+deb8u4_amd64.deb |
| Debian | 9 | mipsel | sudo | < 1.8.19p1-2 | sudo_1.8.19p1-2_mipsel.deb |
| Debian | 9 | mipsel | sudo-ldap | < 1.8.19p1-2 | sudo-ldap_1.8.19p1-2_mipsel.deb |
| Debian | 10 | ppc64el | sudo | < 1.8.19p1-2 | sudo_1.8.19p1-2_ppc64el.deb |
| Debian | 10 | amd64 | sudo-ldap-dbgsym | < 1.8.19p1-2 | sudo-ldap-dbgsym_1.8.19p1-2_amd64.deb |
Related
nessus
nessus
Ubuntu 14.04 LTS / 16.04 LTS : Sudo vulnerability (USN-3304-1)
2017-05-31 00:00:00
CentOS 6 / 7 : sudo (CESA-2017:1382)
2017-06-01 00:00:00
Virtuozzo 6 : sudo / sudo-devel (VZLSA-2017-1382)
2017-07-13 00:00:00
oraclelinux
oraclelinux
sudo security update
2017-06-01 00:00:00
sudo security update
2017-05-30 00:00:00
f5
f5
sudo vulnerability CVE-2017-1000367
2017-06-13 21:52:00
K23151384 : Sudo vulnerabilities CVE-2017-1000367 and CVE-2017-1000368
2017-06-13 00:00:00
archlinux
archlinux
[ASA-201705-25] sudo: access restriction bypass
2017-05-30 00:00:00
exploitpack
exploitpack
Sudo 1.8.20 - get_process_ttyname() Local Privilege Escalation
2017-06-14 00:00:00
nvd
nvd
CVE-2017-1000367
2017-06-05 14:29:00
fedora
fedora
[SECURITY] Fedora 25 Update: sudo-1.8.20p2-1.fc25
2017-06-03 02:37:39
[SECURITY] Fedora 24 Update: sudo-1.8.20p2-1.fc24
2017-06-08 06:53:51
[SECURITY] Fedora 26 Update: sudo-1.8.20p2-1.fc26
2017-06-09 20:21:45
thn
thn
High-Severity Linux Sudo Flaw Allows Users to Gain Root Privileges
2017-05-31 21:28:00
cve
cve
CVE-2017-1000367
2017-06-05 14:29:00
openvas
openvas
CentOS Update for sudo CESA-2017:1382 centos6
2017-06-01 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:1446-1)
2021-04-19 00:00:00
RedHat Update for sudo RHSA-2017:1382-01
2017-05-31 00:00:00
mageia
mageia
Updated sudo packages fix security vulnerability
2017-07-13 12:10:46
centos
centos
sudo security update
2017-05-31 14:06:33
sudo security update
2017-06-22 20:51:03
suse
suse
Security update for sudo (important)
2017-05-30 21:08:58
Security update for sudo (important)
2017-05-30 21:11:15
Security update for sudo (important)
2017-05-31 12:09:28
debiancve
debiancve
CVE-2017-1000367
2017-06-05 14:29:00
debian
debian
[SECURITY] [DLA 970-1] sudo security update
2017-05-30 23:41:12
[SECURITY] [DSA 3867-1] sudo security update
2017-05-30 15:37:59
[SECURITY] [DLA 1011-1] sudo security update
2017-07-03 15:30:21
packetstorm
packetstorm
Sudo get_process_ttyname() Race Condition
2017-06-02 00:00:00
cloudfoundry
cloudfoundry
USN-3304-1: Sudo vulnerability | Cloud Foundry
2017-06-12 00:00:00
osv
osv
sudo - security update
2017-05-30 00:00:00
CVE-2017-1000367
2017-06-05 14:29:00
sudo - security update
2017-05-30 00:00:00
veracode
veracode
Privilege Escalation
2019-01-15 09:17:30
cvelist
cvelist
CVE-2017-1000367
2017-06-05 00:00:00
threatpost
threatpost
Patches Available for Linux Sudo Vulnerability
2017-05-31 13:55:30
redhat
redhat
(RHSA-2017:1381) Important: sudo security update
2017-05-30 00:00:00
(RHSA-2017:1382) Important: sudo security update
2017-05-30 15:55:46
(RHSA-2017:1574) Moderate: sudo security update
2017-06-22 17:25:15
amazon
amazon
ubuntucve
ubuntucve
CVE-2017-1000367
2017-05-30 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package sudo version 1:1.8.20p1-alt1
2017-05-31 00:00:00
seebug
seebug
CVE-2017-1000367 in Sudo's get_process_ttyname() for Linux
2017-05-31 00:00:00
slackware
slackware
[slackware-security] sudo
2017-05-30 17:42:26
redhatcve
redhatcve
CVE-2017-1000367
2017-05-30 15:48:50
CVE-2017-1000368
2017-06-06 12:49:37
prion
prion
Design/Logic Flaw
2017-06-05 14:29:00
gentoo
gentoo
sudo: Privilege escalation
2017-05-30 00:00:00
ubuntu
ubuntu
Sudo vulnerability
2017-05-30 00:00:00
exploitdb
exploitdb
Sudo 1.8.20 - 'get_process_ttyname()' Local Privilege Escalation
2017-06-14 00:00:00
ibm
ibm
qualysblog
qualysblog
The Stack Clash
2017-06-19 15:14:57
photon
photon
kitploit
kitploit