Vulnerability Details : CVE-2017-1000367

Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.

Vulnerability category: Information leak

Published 2017-06-05 14:29:00

Updated 2022-12-22 22:15:09

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2017-1000367

Probability of exploitation activity in the next 30 days: 0.21%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 58 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2017-1000367

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
6.9	MEDIUM	AV:L/AC:M/Au:N/C:C/I:C/A:C	3.4	10.0	[email protected]
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
6.4	MEDIUM	CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	0.5	5.9	[email protected]
Attack Vector: Local Attack Complexity: High Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2017-1000367

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

Assigned by: [email protected] (Primary)

References for CVE-2017-1000367

https://lists.fedoraproject.org/archives/list/[email protected]/message/VXEXC4NNIG2QOZY6N2YUK246KI3D3UQO/

Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00079.html

Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1382

Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1381

Third Party Advisory
http://seclists.org/fulldisclosure/2017/Jun/3

Mailing List;Third Party Advisory
https://security.gentoo.org/glsa/201705-15

Third Party Advisory
http://www.securitytracker.com/id/1038582

Exploit;Third Party Advisory;VDB Entry
http://www.openwall.com/lists/oss-security/2017/05/30/16

Exploit;Mailing List;Third Party Advisory
https://www.exploit-db.com/exploits/42183/

Third Party Advisory;VDB Entry
http://www.openwall.com/lists/oss-security/2022/12/22/5
http://www.ubuntu.com/usn/USN-3304-1

Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00077.html

Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00078.html

Third Party Advisory
https://www.sudo.ws/alerts/linux_tty.html

Vendor Advisory

CVEs referencing this url
http://packetstormsecurity.com/files/142783/Sudo-get_process_ttyname-Race-Condition.html

Exploit;Third Party Advisory;VDB Entry
http://www.securityfocus.com/bid/98745

Third Party Advisory;VDB Entry
http://www.openwall.com/lists/oss-security/2022/12/22/6
http://www.debian.org/security/2017/dsa-3867

Third Party Advisory

Products affected by CVE-2017-1000367

Sudo Project » Sudo
Versions up to, including, (<=) 1.8.20
cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*
Matching versions