CVE-2017-1000368

Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation flaw (embedded newlines) in the get_process_ttyname() function, resulting in information disclosure and command execution.

Configurations

Configuration 1

OR cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*
cpe:2.3:a:sudo_project:sudo:1.8.20:p1:*:*:*:*:*:*

History

21 Nov 2024, 03:04

Type | Values Removed | Values Added
References | http://www.securityfocus.com/bid/98838 - Third Party Advisory, VDB Entry | http://www.securityfocus.com/bid/98838 - Third Party Advisory, VDB Entry
References | https://access.redhat.com/errata/RHSA-2017:1574 - Third Party Advisory | https://access.redhat.com/errata/RHSA-2017:1574 - Third Party Advisory
References | https://kc.mcafee.com/corporate/index?page=content&id=SB10205 - Third Party Advisory | https://kc.mcafee.com/corporate/index?page=content&id=SB10205 - Third Party Advisory
References | https://security.gentoo.org/glsa/201710-04 - Third Party Advisory | https://security.gentoo.org/glsa/201710-04 - Third Party Advisory
References | https://usn.ubuntu.com/3968-1/ | https://usn.ubuntu.com/3968-1/
References | https://usn.ubuntu.com/3968-2/ | https://usn.ubuntu.com/3968-2/
References | https://www.sudo.ws/alerts/linux_tty.html - Vendor Advisory | https://www.sudo.ws/alerts/linux_tty.html - Vendor Advisory

Information

Published : 2017-06-05 16:29

Updated : 2024-11-21 03:04


NVD link : CVE-2017-1000368

Mitre link : CVE-2017-1000368

CVE.ORG link : CVE-2017-1000368


Products Affected

sudo_project

  • sudo

CWE

CWE-20

Improper Input Validation