Red Hat Bugzilla – Bug 1459152
CVE-2017-1000368 sudo: Privilege escalation via improper get_process_ttyname() parsing (insufficient fix for CVE-2017-1000367)
Last modified: 2017-07-26 10:23:35 EDT
Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation flaw (embedded newlines) in the get_process_ttyname() function, resulting in information disclosure and command execution.
*** Bug 1458425 has been marked as a duplicate of this bug. ***
Upstream patch seems to be:
Notes about exploitation:
This flaw can lead to executing commands as root when a root terminal is open on the same machine. Since you actually need a root terminal to be open on the machine where the exploit is being run, this is not a straightforward privilege escalation flaw. Therefore this is rated as having Moderate impact.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5 Extended Lifecycle Support
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Via RHSA-2017:1574 https://access.redhat.com/errata/RHSA-2017:1574