sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.
ac65043996573ceeb614f1136d6a563af63993e3f685833845953860f65ca47fSudo's get_process_ttyname() on Linux suffers from a race condition that allows for root privilege escalation.
fedac891bbdaf97f55757b635d5ae075843da48925d762d5149a49ade19918cdRed Hat Security Advisory 2017-1382-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root.
4bfed0c75e7c025ce32520f5663dbc0de3d0ef88afa1aaa16196eab5dab9b4aaRed Hat Security Advisory 2017-1381-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root.
72f511ffde80862ec8f67125ada6591bad83b2aaac109f5da2a4c4ccf814eed9Ubuntu Security Notice 3304-1 - It was discovered that Sudo did not properly parse the contents of /proc/[pid]/stat when attempting to determine its controlling tty. A local attacker in some configurations could possibly use this to overwrite any file on the filesystem, bypassing intended permissions.
bde0e222f88f678398a9f46fc30b62d5feca8f52856f50ad72c463b9643345fbDebian Linux Security Advisory 3867-1 - The Qualys Security team discovered that sudo, a program designed to provide limited super user privileges to specific users, does not properly parse "/proc/[pid]/stat" to read the device number of the tty from field 7 (tty_nr). A sudoers user can take advantage of this flaw on an SELinux-enabled system to obtain full root privileges.
923fef1347ec646736c7f71cf0bec169c3fbd5045ba1dcad1c306f7f9bab4e59Gentoo Linux Security Advisory 201705-15 - A vulnerability in sudo allows local users to gain root privileges. Versions less than 1.8.20_p1 are affected.
50553170e4ac24d9b95a7682d1a6accf3564f42794383c1bb9d50b93ff735bfe
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed