Security alert: bug in sudo CVE-2017-1000367

Isaac

2 minutes

Informatic security

There is a severe vulnerability in famous sudo tool. The vulnerability is due to a bug in the programming of this tool that allows any user who has a session in the shell (even with SELinux enabled) to escalate privileges to become root. The problem lies in the malfunction of sudo parsing the content of / proc / [PID] / stat when trying to determine the terminal.

The bug discovered is specifically in the call get_process_ttyname () sudo for Linux, which is the one that opens the previously mentioned directory to read the device number tty for the tty_nr field. This vulnerability cataloged as CVE-2017-1000367 could be exploited to gain system privileges, as I said, so it is quite critical and affects many well-known and important distributions. But don't be scared either, now we tell you how to protect yourself ...

Well, the affected distributions are:

  1. Red Hat Enterprise Linux 6, 7 and Server
  2. Oracle Enterprise 6, 7 and Server
  3. CentOS Linux 6 and 7
  4. Debian Wheezy, Jessie, Stretch, Sid
  5. Ubuntu 14.04 LTS, 16.04 LTS, 16.10 and 17.04
  6. SuSE LInux Enterpsrise Software Development Kit 12-SP2, Server for Raspberry Pi 12-SP2, Server 12-SP2 and Desktop 12-SP2
  7. OpenSuSE
  8. Slackware
  9. Gentoo
  10. Arch Linux
  11. Fedora

Therefore, you must patch or update your system ASAP if you have one of these systems (or derivatives):

  • For Debian and derivatives (Ubuntu, ...):
sudo apt update

sudo apt upgrade
  • For RHEL and derivatives (CentOS, Oracle, ...):
sudo yum update
  • In Fedora:
sudo dnf update
  • SuSE and derivatives (OpenSUSE, ...):
sudo zypper update

ArchLinux:

sudo pacman -Syu
  • Slackware:
upgradepkg sudo-1.8.20p1-i586-1_slack14.2.txz
  • Gentoo:
emerge --sync

emerge --ask --oneshot --verbose ">=app-admin/sudo-1.8.20_p1"

Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: AB Internet Networks 2008 SL
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.

  1.   fedu said
    ago 7 years

    Which one would be used for Archlinux and earlier?

    Reply to fedu
    1.    Isaac PE said
      ago 7 years

      Hello,

      There was an error inserting the code. Now you can see it.

      Greetings and thanks for advising.

      Reply to Isaac PE
  2.   fernan said
    ago 7 years

    Hello:
    Well for arch and derivatives sudo pacman -Syyu
    Greetings.

    Reply to fernan
  3.   lorabian said
    ago 7 years

    So that's why sudo was updated ... anyway, the risky thing is the fact that it is not known who, apart from the one who has now the bug, who else knew. And that can be risky.

    Reply to lorabe