A flaw was found in the way sudo read the device number of the tty from field 7 (tty_nr) from "/proc/[pid]/stat". A local attacker could use this flaw to escalate his privilege to root.
Acknowledgments: Name: Qualys Security
Created attachment 1282109 [details] sudo patch
Created attachment 1282148 [details] proposed rhel-7.3.z patch
Created attachment 1282158 [details] Isolated reproducer with commented out old code (copied code from sudo-1.8.6) The same patch applies to rhel-6.10 and rhel-6.9.
Created sudo tracking bugs for this issue: Affects: fedora-all [bug 1456884]
External References: https://www.sudo.ws/alerts/linux_tty.html https://access.redhat.com/security/vulnerabilities/3059071
References: http://seclists.org/oss-sec/2017/q2/358
This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Extended Lifecycle Support Via RHSA-2017:1381 https://access.redhat.com/errata/RHSA-2017:1381
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 6 Via RHSA-2017:1382 https://access.redhat.com/errata/RHSA-2017:1382