Arch Linux Security Advisory ASA-201705-25
=========================================
Severity: Medium
Date    : 2017-05-30
CVE-ID  : CVE-2017-1000367
Package : sudo
Type    : access restriction bypass
Remote  : No
Link    : https://security.archlinux.org/AVG-282

Summary
======
The package sudo before version 1.8.20.p1-1 is vulnerable to access
restriction bypass.

Resolution
=========
Upgrade to 1.8.20.p1-1.

# pacman -Syu "sudo>=1.8.20.p1-1"

The problem has been fixed upstream in version 1.8.20.p1.

Workaround
=========
None.

Description
==========
On Linux systems, sudo parses the /proc/[pid]/stat file to determine
the device number of the process's tty (field 7). The fields in the
file are space-delimited, but it is possible for the command name
(field 2) to include spaces, which sudo does not account for. A user
with sudo privileges can cause sudo to use a device number of the
user's choosing by creating a symbolic link from the sudo binary to a
name that contains a space, followed by a number.
This may allow a user to be able to bypass the "tty_ticket"
constraints. In order for this to succeed there must exist on the
machine a terminal device that the user has previously authenticated
themselves on via sudo within the last time stamp timeout (5 minutes by
default).

Impact
=====
A local attacker is able to extend the lifetime of a previously
authenticated ticket beyond the "tty_ticket" timeout constraints.

References
=========
https://www.sudo.ws/alerts/linux_tty.html
http://www.openwall.com/lists/oss-security/2017/05/30/16
https://www.sudo.ws/repos/sudo/raw-rev/b5460cbbb11b
https://security.archlinux.org/CVE-2017-1000367

ArchLinux: 201705-25: sudo: access restriction bypass

May 30, 2017

Summary

On Linux systems, sudo parses the /proc/[pid]/stat file to determine the device number of the process's tty (field 7). The fields in the file are space-delimited, but it is possible for the command name (field 2) to include spaces, which sudo does not account for. A user with sudo privileges can cause sudo to use a device number of the user's choosing by creating a symbolic link from the sudo binary to a name that contains a space, followed by a number. This may allow a user to be able to bypass the "tty_ticket" constraints. In order for this to succeed there must exist on the machine a terminal device that the user has previously authenticated themselves on via sudo within the last time stamp timeout (5 minutes by default).

Resolution

Upgrade to 1.8.20.p1-1. # pacman -Syu "sudo>=1.8.20.p1-1"
The problem has been fixed upstream in version 1.8.20.p1.

References

https://www.sudo.ws/alerts/linux_tty.html http://www.openwall.com/lists/oss-security/2017/05/30/16 https://www.sudo.ws/repos/sudo/raw-rev/b5460cbbb11b https://security.archlinux.org/CVE-2017-1000367

Severity
Package : sudo
Type : access restriction bypass
Remote : No
Link : https://security.archlinux.org/AVG-282

Workaround

None.

Related News

5.ShakingHands Esm H320
3 - 5 min read
There has been a promising shift in the tech industry, with major companies pledging to release products with built-in security features. This
18.WifiCutout Landscape Esm H320
2 - 3 min read
A novel attack called TunnelVision has been discovered. It compromises the security of virtually all VPN apps, rendering their purpose useless. The
21.Globe RadiatingCode Esm H320
2 - 3 min read
The recent discovery of a backdoor in XZ Utils , a widely used Linux tool, raises concerns about the security of the open-source ecosystem. While
13.Lock StylizedMotherboard Esm H320
1 - 2 min read
Spiral Linux is a Debian-based distribution that offers a range of desktop environments, making it stand out from other Linux distributions. In
32.Lock Code Circular Esm H320
2 - 3 min read
Two critical security vulnerabilities were found in pgAdmin, the open-source administration tool for PostgreSQL . The vulnerabilities assigned
1.Penguin Landscape Esm H320
2 - 3 min read
The recent release of AlmaLinux 9.4 , closely aligned with Red Hat Enterprise Linux (RHEL) 9.4 , presents Linux admins and infosec professionals
11.Locks IsometricPattern Esm H320
2 - 3 min read
The upcoming release of Linux Mint 22 will introduce significant changes, particularly in handling XApp , GNOME applications, and the Software
2.Motherboard Esm H320
2 - 3 min read
German software engineer Lennart Poettering recently presented run0 , a new tool in systemd v256 that aims to address the security concerns
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved