SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Sudo Vendors:   sudo.ws
(CentOS Issues Fix) Sudo get_process_ttyname() Command Validation Flaw Lets Local Users Obtain Root Privileges
SecurityTracker Alert ID:  1038774
SecurityTracker URL:  http://securitytracker.com/id/1038774
CVE Reference:   CVE-2017-1000367, CVE-2017-1000368   (Links to External Site)
Date:  Jun 23 2017
Impact:   Modification of system information, Modification of user information, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.8.6p7 through 1.8.20
Description:   A vulnerability was reported in Sudo. A local user can obtain root privileges on the target system.

A local user can issue a specially crafted sudo command to trigger a command validation flaw in the get_process_ttyname() process and cause the system to recognize the user's tty as an arbitrary file on the target system. A local user can exploit this to overwrite arbitrary files on the target system.

Systems with SELinux enabled and with sudo built with SELinux support are affected.

Qualys, Inc. reported this vulnerability.

Impact:   A local user can overwrite arbitrary files with root privileges on the target system.
Solution:   CentOS has issued a fix.

i386:
d4582256e5f725240955991ce407b68379735965ed32349e905386e2bd5d643a sudo-1.8.6p3-29.el6_9.i686.rpm
a41bc51c412e9416e9c14945dbabcbbb59868ca77b601d9c98df2f53515bbf52 sudo-devel-1.8.6p3-29.el6_9.i686.rpm

x86_64:
ecbde1c16e513f01cb75b8308f6b15edc1ebda985a9a337149a896ad3fd9dc30 sudo-1.8.6p3-29.el6_9.x86_64.rpm
a41bc51c412e9416e9c14945dbabcbbb59868ca77b601d9c98df2f53515bbf52 sudo-devel-1.8.6p3-29.el6_9.i686.rpm
c00e9b8c8034c007b022032eca50568a0bfd6243e018086c7758c4aa1f1c1679 sudo-devel-1.8.6p3-29.el6_9.x86_64.rpm

Source:
c0e5cd05d3c17e29ff9c249681be1167e892fa6a96d4118d3a7fa812d565018a sudo-1.8.6p3-29.el6_9.src.rpm

x86_64:
bef41cd132eb097411d071a615fec35f29d770bd4a241430f6d8d0bf3b0e4ad6 sudo-1.8.6p7-23.el7_3.x86_64.rpm
7f04203ae14b3f5c9fbc931b27c9ffbe168bc02f9692c020652fdaf653d08aea sudo-devel-1.8.6p7-23.el7_3.i686.rpm
bf367838cb1b972e3eafcb8b65132b6d5580d2a551682aad26df5320571c23da sudo-devel-1.8.6p7-23.el7_3.x86_64.rpm

Source:
cd3e0346fa75a7d5083d0697ad3e332fd65dbde36378ee807ec06f3af207c2fd sudo-1.8.6p7-23.el7_3.src.rpm

Cause:   Access control error, Input validation error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  6, 7

Message History:   This archive entry is a follow-up to the message listed below.
May 30 2017 Sudo get_process_ttyname() Command Validation Flaw Lets Local Users Obtain Root Privileges



 Source Message Contents

Subject:  [CentOS-announce] CESA-2017:1574 Moderate CentOS 7 sudo Security Update


CentOS Errata and Security Advisory 2017:1574 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2017-1574.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
bef41cd132eb097411d071a615fec35f29d770bd4a241430f6d8d0bf3b0e4ad6  sudo-1.8.6p7-23.el7_3.x86_64.rpm
7f04203ae14b3f5c9fbc931b27c9ffbe168bc02f9692c020652fdaf653d08aea  sudo-devel-1.8.6p7-23.el7_3.i686.rpm
bf367838cb1b972e3eafcb8b65132b6d5580d2a551682aad26df5320571c23da  sudo-devel-1.8.6p7-23.el7_3.x86_64.rpm

Source:
cd3e0346fa75a7d5083d0697ad3e332fd65dbde36378ee807ec06f3af207c2fd  sudo-1.8.6p7-23.el7_3.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC