Home

CVE-2017-1000367

Description

Todd Millers sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.

Risk Information

Base Score
6.4
MODERATE
Vector
CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
19.435

Associated Vulnerability

VulnerabilityOS Platform
Provide limited super user privileges to specific users (USN-2533-1) sudo-ldap_1.8.9p5-1ubuntu1.4_i386.debLinux
Provide limited super user privileges to specific users (USN-2533-1) sudo-ldap_1.8.9p5-1ubuntu1.4_amd64.debLinux
Provide limited super user privileges to specific users (USN-3304-1) sudo_1.8.9p5-1ubuntu1.4_i386.debLinux
Provide limited super user privileges to specific users (USN-3304-1) sudo_1.8.9p5-1ubuntu1.4_amd64.debLinux
Provide limited super user privileges to specific users (USN-3304-1) sudo-ldap_1.8.9p5-1ubuntu1.4_i386.debLinux
Provide limited super user privileges to specific users (USN-3304-1) sudo-ldap_1.8.9p5-1ubuntu1.4_amd64.debLinux
sudo security update(DSA-3867-1) sudo_1.8.10p3-1+deb8u4_amd64.debLinux
sudo security update(DSA-3867-1) sudo_1.8.10p3-1+deb8u4_kfreebsd-i386.debLinux
sudo security update(DSA-3867-1) sudo_1.8.10p3-1+deb8u4_kfreebsd-amd64.debLinux
Sudo security update (CESA-2017:1574) sudo-1.8.6p3-29.el6_9.i686.rpmLinux
Sudo security update (CESA-2017:1574) sudo-1.8.6p3-29.el6_9.x86_64.rpmLinux
Sudo security update (CESA-2017:1574) sudo-devel-1.8.6p3-29.el6_9.i686.rpmLinux
Sudo security update (CESA-2017:1574) sudo-devel-1.8.6p3-29.el6_9.x86_64.rpmLinux
SUSE-SU-2017:1446-1(SUSE Linux Enterprise Desktop 12-SP1 ) sudo-1.8.10p3-2.11.1.x86_64.rpmLinux
SUSE-SU-2017:1446-1(SUSE Linux Enterprise Desktop 12-SP1 ) sudo-debuginfo-1.8.10p3-2.11.1.x86_64.rpmLinux
SUSE-SU-2017:1446-1(SUSE Linux Enterprise Desktop 12-SP1 ) sudo-debugsource-1.8.10p3-2.11.1.x86_64.rpmLinux
(RHSA-2017:1381) sudo security update sudo-1.7.2p1-30.el5_11.i386.rpmLinux
(RHSA-2017:1381) sudo security update sudo-1.7.2p1-30.el5_11.x86_64.rpmLinux
(RHSA-2017:1382) sudo security update sudo-1.8.6p3-28.el6_9.i686.rpmLinux
(RHSA-2017:1382) sudo security update sudo-1.8.6p3-28.el6_9.x86_64.rpmLinux
(RHSA-2017:1382) sudo security update sudo-1.8.6p7-22.el7_3.x86_64.rpmLinux
(RHSA-2017:1382) sudo security update sudo-devel-1.8.6p3-28.el6_9.i686.rpmLinux
(RHSA-2017:1382) sudo security update sudo-devel-1.8.6p3-28.el6_9.x86_64.rpmLinux
(RHSA-2017:1382) sudo security update sudo-devel-1.8.6p7-22.el7_3.i686.rpmLinux
(RHSA-2017:1382) sudo security update sudo-devel-1.8.6p7-22.el7_3.x86_64.rpmLinux
(CESA-2017:1382) sudo security update sudo-devel-1.8.6p7-22.el7_3.i686.rpmLinux
(CESA-2017:1382) sudo security update sudo-devel-1.8.6p7-22.el7_3.x86_64.rpmLinux
Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition) Vulnerability (CVE-2017-1000367)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234