A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root.
Description Huzaifa S. Sidhpurwala
2017-05-22 05:54:32 UTC
A flaw was found in the way sudo read the device number of the tty from field 7 (tty_nr) from "/proc/[pid]/stat". A local attacker could use this flaw to escalate his privilege to root.
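An added example, not sudo's code and not the reproducer attached to this bug: one way reading field 7 of "/proc/[pid]/stat" goes wrong is counting space-separated tokens from the start of the line, because field 2 (comm) is wrapped in parentheses and may itself contain spaces. The function names and both stat lines are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Return the space-separated field numbered `want`, where the first token at
 * `p` is field number `first`; -1 if it is absent or not a clean integer. */
static long field_as_long(const char *p, int first, int want)
{
    int field = first - 1;
    while (*p) {
        while (*p == ' ') p++;                 /* skip separators */
        if (*p == '\0') break;
        if (++field == want) {
            char *end;
            long v = strtol(p, &end, 10);
            int clean = end != p && (*end == ' ' || *end == '\n' || *end == '\0');
            return clean ? v : -1;             /* reject tokens like "123)" */
        }
        while (*p && *p != ' ') p++;           /* skip this token */
    }
    return -1;
}

/* Fragile: counts fields from the start of the line, so any space inside
 * comm shifts every later field number. */
long tty_nr_naive(const char *stat) { return field_as_long(stat, 1, 7); }

/* Hardened: resume counting after the LAST ')' on the line, which closes
 * comm whatever comm contains; the next token is field 3 (state). */
long tty_nr_robust(const char *stat)
{
    const char *p = strrchr(stat, ')');
    return p ? field_as_long(p + 1, 3, 7) : -1;
}

/* Constructed sample lines (truncated after field 9); tty_nr is 34816. */
static const char STAT_PLAIN[] = "4321 (bash) S 1 4321 4000 34816 4321 4194304";
static const char STAT_SPACE[] = "4321 (my prog) S 1 4321 4000 34816 4321 4194304";

int main(void)
{
    printf("plain: naive=%ld robust=%ld\n",
           tty_nr_naive(STAT_PLAIN), tty_nr_robust(STAT_PLAIN));
    printf("space: naive=%ld robust=%ld\n",
           tty_nr_naive(STAT_SPACE), tty_nr_robust(STAT_SPACE));
    return 0;
}
```

With the space in comm, the naive parser returns the session ID (4000) as if it were the tty device number, while the hardened parser still returns 34816.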
Comment 1 Huzaifa S. Sidhpurwala
2017-05-22 05:54:36 UTC
Acknowledgments:
Name: Qualys Security
Comment 6 Huzaifa S. Sidhpurwala
2017-05-25 03:40:10 UTC
Created attachment 1282158
Isolated reproducer with commented out old code (copied code from sudo-1.8.6)
The same patch applies to rhel-6.10 and rhel-6.9.