SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Sudo Vendors:   sudo.ws
(CentOS Issues Fix) Sudo get_process_ttyname() Command Validation Flaw Lets Local Users Obtain Root Privileges
SecurityTracker Alert ID:  1038597
SecurityTracker URL:  http://securitytracker.com/id/1038597
CVE Reference:   CVE-2017-1000367, CVE-2017-1000368   (Links to External Site)
Date:  May 31 2017
Impact:   Modification of system information, Modification of user information, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.8.6p7 through 1.8.20
Description:   A vulnerability was reported in Sudo. A local user can obtain root privileges on the target system.

A local user can issue a specially crafted sudo command to trigger a command validation flaw in the get_process_ttyname() process and cause the system to recognize the user's tty as an arbitrary file on the target system. A local user can exploit this to overwrite arbitrary files on the target system.

Systems with SELinux enabled and with sudo built with SELinux support are affected.

Qualys, Inc. reported this vulnerability.

Impact:   A local user can overwrite arbitrary files with root privileges on the target system.
Solution:   CentOS has issued a fix.

i386:
234d9731d194defd03ff86f5236bfce742de7a31c32da99bfc5dc92c34a932cc sudo-1.8.6p3-28.el6_9.i686.rpm
2e0384d6a78e2a69269c907a1a8c2b3e2f14f0bd2bbc8a035439fbb861307f20 sudo-devel-1.8.6p3-28.el6_9.i686.rpm

x86_64:
980b2bb17f46e9c74c8a533c7d1009de3aabd3c2f6199ff48cead06916215960 sudo-1.8.6p3-28.el6_9.x86_64.rpm
2e0384d6a78e2a69269c907a1a8c2b3e2f14f0bd2bbc8a035439fbb861307f20 sudo-devel-1.8.6p3-28.el6_9.i686.rpm
12899695e89d61499f0871152664f9205ee50b1f2871abe171145b2720ce354b sudo-devel-1.8.6p3-28.el6_9.x86_64.rpm

Source:
d5d28054be4726a6c18c001d64d6cded238f21df55c7266a69426f2c5a4b6f04 sudo-1.8.6p3-28.el6_9.src.rpm

x86_64:
42dce8f1f4a739c711f04b52cee0f3a7c6b0062a66b9a7ebe88c7ac07ba2dcc1 sudo-1.8.6p7-22.el7_3.x86_64.rpm
5779873b00d9587ce58c3f1de3d50cb2d0b18b985b8f8b454d4827c598e8671d sudo-devel-1.8.6p7-22.el7_3.i686.rpm
fb7c4705e525d06d2dde79b96961a653717744b512a4ae7772c5f36ab8ade7f9 sudo-devel-1.8.6p7-22.el7_3.x86_64.rpm

Source:
f09d79baf9dab93d06edba58ecc1386816b3162c60ba8a7501515f6f7f976b05 sudo-1.8.6p7-22.el7_3.src.rpm

Cause:   Access control error, Input validation error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  6, 7

Message History:   This archive entry is a follow-up to the message listed below.
May 30 2017 Sudo get_process_ttyname() Command Validation Flaw Lets Local Users Obtain Root Privileges



 Source Message Contents

Subject:  [CentOS-announce] CESA-2017:1382 Important CentOS 6 sudo Security Update


CentOS Errata and Security Advisory 2017:1382 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2017-1382.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
234d9731d194defd03ff86f5236bfce742de7a31c32da99bfc5dc92c34a932cc  sudo-1.8.6p3-28.el6_9.i686.rpm
2e0384d6a78e2a69269c907a1a8c2b3e2f14f0bd2bbc8a035439fbb861307f20  sudo-devel-1.8.6p3-28.el6_9.i686.rpm

x86_64:
980b2bb17f46e9c74c8a533c7d1009de3aabd3c2f6199ff48cead06916215960  sudo-1.8.6p3-28.el6_9.x86_64.rpm
2e0384d6a78e2a69269c907a1a8c2b3e2f14f0bd2bbc8a035439fbb861307f20  sudo-devel-1.8.6p3-28.el6_9.i686.rpm
12899695e89d61499f0871152664f9205ee50b1f2871abe171145b2720ce354b  sudo-devel-1.8.6p3-28.el6_9.x86_64.rpm

Source:
d5d28054be4726a6c18c001d64d6cded238f21df55c7266a69426f2c5a4b6f04  sudo-1.8.6p3-28.el6_9.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC