Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation flaw (embedded newlines) in the get_process_ttyname() function, resulting in information disclosure and command execution.
External References:

https://www.sudo.ws/alerts/linux_tty.html
https://access.redhat.com/security/vulnerabilities/3059071
https://access.redhat.com/security/cve/CVE-2017-1000367
*** Bug 1458425 has been marked as a duplicate of this bug. ***
Upstream patch seems to be: https://www.sudo.ws/repos/sudo/rev/15a46f4007dd
Notes about exploitation: This flaw can lead to executing commands as root when a root terminal is open on the same machine. Since you actually need a root terminal to be open on the machine on which the exploit is being run, this is not a straightforward privilege escalation flaw. Therefore this is rated as having Moderate impact.
This issue has been addressed in the following products:

Red Hat Enterprise Linux 5 Extended Lifecycle Support
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7

Via RHSA-2017:1574 https://access.redhat.com/errata/RHSA-2017:1574
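An added example, not taken from this bug or from the sudo source: per the upstream advisory linked above, get_process_ttyname() takes the tty device number from field 7 of /proc/[pid]/stat, where field 2 (the command name) is free-form and may contain spaces or newlines. The sketch contrasts naive field counting with a parse anchored on the last ')' of the whole buffer; the function names and sample records are constructed for illustration.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Constructed /proc/[pid]/stat records, truncated after a few fields.
 * Field 2 (comm) is free-form; field 7 is tty_nr. Names are illustrative. */
static const char PLAIN[] = "4242 (bash) S 1 4242 4242 34817 4242 4194304\n";
static const char ODD[]   = "4242 (a b c\nd e f 7 x) S 1 4242 4242 34817 4242 4194304\n";

/* Naive: count space-separated fields and take the 7th.
 * Whitespace inside comm shifts every later field. */
static int naive_tty_nr(const char *s, long *out)
{
    int field = 1;
    for (; *s != '\0'; s++) {
        if (*s == ' ' && ++field == 7) {
            *out = strtol(s + 1, NULL, 10);
            return 0;
        }
    }
    return -1;
}

/* Hardened: work on the whole buffer (not just its first line), anchor on
 * the LAST ')' (end of comm), then skip state, ppid, pgrp, session. */
static int safe_tty_nr(const char *s, long *out)
{
    const char *p = strrchr(s, ')');
    char *end;
    long v;
    int i;

    if (p == NULL)
        return -1;
    p++;
    for (i = 0; i < 4; i++) {                /* fields 3..6 */
        while (*p == ' ') p++;
        if (*p == '\0' || *p == '\n') return -1;
        while (*p != ' ' && *p != '\0' && *p != '\n') p++;
    }
    while (*p == ' ') p++;
    if (*p == '\0' || *p == '\n') return -1; /* record ends before tty_nr */
    errno = 0;
    v = strtol(p, &end, 10);
    if (end == p || errno != 0 || (*end != ' ' && *end != '\n' && *end != '\0'))
        return -1;                           /* not a clean integer */
    *out = v;
    return 0;
}
```

On the constructed record whose command name contains spaces and a newline, the naive parser returns a number taken from inside the name, while the anchored parser still returns the real field 7.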