Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201705-25 ========================================= Severity: Medium Date: 2017-05-30 CVE-ID: CVE-2017-1000367 Package: sudo Type: access restriction bypass Remote: No Link: https://security.archlinux.org/AVG-282 Summary ====== The package sudo before version 1.8.20.p1-1 is vulnerable to access restriction bypass. Resolution ========= Upgrade to 1.8.20.p1-1. # pacman -Syu "sudo>=1.8.20.p1-1" The problem has been fixed upstream in version 1.8.20.p1. Workaround ========= None. Description ========== On Linux systems, sudo parses the /proc/[pid]/stat file to determine the device number of the process's tty (field 7). The fields in the file are space-delimited, but it is possible for the command name (field 2) to include spaces, which sudo does not account for. A user with sudo privileges can cause sudo to use a device number of the user's choosing by creating a symbolic link from the sudo binary to a name that contains a space, followed by a number. This may allow a user to be able to bypass the "tty_ticket" constraints. In order for this to succeed there must exist on the machine a terminal device that the user has previously authenticated themselves on via sudo within the last time stamp timeout (5 minutes by default). Impact ===== A local attacker is able to extend the lifetime of a previously authenticated ticket beyond the "tty_ticket" timeout constraints. References ========= http://www.openwall.com/lists/oss-security/2017/05/30/16 https://security.archlinux.org/CVE-2017-1000367