Lucene search

K

[email protected]NVD:CVE-2017-1000367

HistoryJun 05, 2017 - 2:29 p.m.

CVE-2017-1000367

2017-06-0514:29:00

CWE-362

[email protected]

web.nvd.nist.gov

1

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.7%

Todd Miller’s sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.

Affected configurations

NVD

Node

sudo_projectsudoRange≤1.8.20

References

lists.opensuse.org/opensuse-security-announce/2017-05/msg00077.html

lists.opensuse.org/opensuse-security-announce/2017-05/msg00078.html

lists.opensuse.org/opensuse-security-announce/2017-05/msg00079.html

packetstormsecurity.com/files/142783/Sudo-get_process_ttyname-Race-Condition.html

seclists.org/fulldisclosure/2017/Jun/3

www.debian.org/security/2017/dsa-3867

www.openwall.com/lists/oss-security/2017/05/30/16

www.openwall.com/lists/oss-security/2022/12/22/5

www.openwall.com/lists/oss-security/2022/12/22/6

www.securityfocus.com/bid/98745

www.securitytracker.com/id/1038582

www.ubuntu.com/usn/USN-3304-1

access.redhat.com/errata/RHSA-2017:1381

access.redhat.com/errata/RHSA-2017:1382

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEXC4NNIG2QOZY6N2YUK246KI3D3UQO/

security.gentoo.org/glsa/201705-15

www.exploit-db.com/exploits/42183/

www.sudo.ws/alerts/linux_tty.html

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.7%