// For flags

CVE-2017-1000367

Sudo 1.8.20 - 'get_process_ttyname()' Local Privilege Escalation

Severity Score

6.4
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

6
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.

Un Sudo de Todd Miller’s versión 1.8.20 y anteriores es vulnerable a una validación de entrada (espacios insertados) en la función get_process_ttyname(), resultando en la divulgación de información y la ejecución de comandos.

A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root.

sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-05-30 CVE Published
  • 2017-06-04 First Exploit
  • 2017-06-05 CVE Reserved
  • 2023-05-16 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
  • CWE-807: Reliance on Untrusted Inputs in a Security Decision
CAPEC
References (23)
URL Tag Source
http://seclists.org/fulldisclosure/2017/Jun/3 Mailing List
http://www.openwall.com/lists/oss-security/2022/12/22/5 Mailing List
http://www.openwall.com/lists/oss-security/2022/12/22/6 Mailing List
http://www.securityfocus.com/bid/98745 Third Party Advisory
URL Date SRC
https://www.exploit-db.com/exploits/42183 2024-08-05
https://github.com/c0d3z3r0/sudo-CVE-2017-1000367 2017-06-05
https://github.com/homjxi0e/CVE-2017-1000367 2017-06-04
http://packetstormsecurity.com/files/142783/Sudo-get_process_ttyname-Race-Condition.html 2024-08-05
http://www.openwall.com/lists/oss-security/2017/05/30/16 2024-08-05
http://www.securitytracker.com/id/1038582 2024-08-05
URL Date SRC
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00077.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00078.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00079.html 2023-11-07
http://www.debian.org/security/2017/dsa-3867 2023-11-07
http://www.ubuntu.com/usn/USN-3304-1 2023-11-07
https://access.redhat.com/errata/RHSA-2017:1381 2023-11-07
https://access.redhat.com/errata/RHSA-2017:1382 2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEXC4NNIG2QOZY6N2YUK246KI3D3UQO 2023-11-07
https://security.gentoo.org/glsa/201705-15 2023-11-07
https://www.sudo.ws/alerts/linux_tty.html 2023-11-07
https://access.redhat.com/security/cve/CVE-2017-1000367 2017-05-30
https://bugzilla.redhat.com/show_bug.cgi?id=1453074 2017-05-30
https://access.redhat.com/security/vulnerabilities/3059071 2017-05-30
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Sudo Project
Search vendor "Sudo Project"
 Sudo
Search vendor "Sudo Project" for product "Sudo"
 <= 1.8.20
Search vendor "Sudo Project" for product "Sudo" and version " <= 1.8.20"
-
Affected