CVE-2017-1000367 – Sudo 1.8.20 - 'get_process_ttyname()' Local Privilege Escalation

https://notcve.org/view.php?id=CVE-2017-1000367

Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution. Un Sudo de Todd Miller’s versión 1.8.20 y anteriores es vulnerable a una validación de entrada (espacios insertados) en la función get_process_ttyname(), resultando en la divulgación de información y la ejecución de comandos. A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root. sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution. • https://www.exploit-db.com/exploits/42183 https://github.com/c0d3z3r0/sudo-CVE-2017-1000367 https://github.com/homjxi0e/CVE-2017-1000367 http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00077.html http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00078.html http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00079.html http://packetstormsecurity.com/files/142783/Sudo-get_process_ttyname-Race-Condition.html http://seclists.org/fulldisclosure/2017/Jun/3 http& • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-807: Reliance on Untrusted Inputs in a Security Decision •