Home

CVE-2017-1000368

Description

Todd Millers sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.

Risk Information

Base Score
8.2
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.166

Associated Vulnerability

VulnerabilityOS Platform
Provide limited super user privileges to specific users (USN-3304-1) sudo_1.8.16-0ubuntu1.6_i386.debLinux
Provide limited super user privileges to specific users (USN-3304-1) sudo_1.8.16-0ubuntu1.6_amd64.debLinux
Provide limited super user privileges to specific users (USN-3304-1) sudo-ldap_1.8.16-0ubuntu1.6_i386.debLinux
Provide limited super user privileges to specific users (USN-3304-1) sudo-ldap_1.8.16-0ubuntu1.6_amd64.debLinux
Sudo security update (CESA-2017:1574) sudo-1.8.6p3-29.el6_9.i686.rpmLinux
Sudo security update (CESA-2017:1574) sudo-1.8.6p3-29.el6_9.x86_64.rpmLinux
Sudo security update (CESA-2017:1574) sudo-devel-1.8.6p3-29.el6_9.i686.rpmLinux
Sudo security update (CESA-2017:1574) sudo-devel-1.8.6p3-29.el6_9.x86_64.rpmLinux
SUSE-SU-2017:1771-1(SUSE Linux Enterprise Desktop 12-SP2 ) sudo-1.8.10p3-10.13.1.x86_64.rpmLinux
SUSE-SU-2017:1771-1(SUSE Linux Enterprise Desktop 12-SP2 ) sudo-debuginfo-1.8.10p3-10.13.1.x86_64.rpmLinux
SUSE-SU-2017:1771-1(SUSE Linux Enterprise Desktop 12-SP2 ) sudo-debugsource-1.8.10p3-10.13.1.x86_64.rpmLinux
(RHSA-2017:1574) sudo security update sudo-1.7.2p1-31.el5_11.i386.rpmLinux
(RHSA-2017:1574) sudo security update sudo-1.7.2p1-31.el5_11.x86_64.rpmLinux
(RHSA-2017:1574) sudo security update sudo-1.8.6p3-29.el6_9.i686.rpmLinux
(RHSA-2017:1574) sudo security update sudo-1.8.6p3-29.el6_9.x86_64.rpmLinux
(RHSA-2017:1574) sudo security update sudo-1.8.6p7-23.el7_3.x86_64.rpmLinux
(RHSA-2017:1574) sudo security update sudo-devel-1.8.6p3-29.el6_9.i686.rpmLinux
(RHSA-2017:1574) sudo security update sudo-devel-1.8.6p3-29.el6_9.x86_64.rpmLinux
(RHSA-2017:1574) sudo security update sudo-devel-1.8.6p7-23.el7_3.i686.rpmLinux
(RHSA-2017:1574) sudo security update sudo-devel-1.8.6p7-23.el7_3.x86_64.rpmLinux
Improper Input Validation Vulnerability (CVE-2017-1000368)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234