Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 530
Alerts This Week
Warning Icon 1 530

Ubuntu 17.04 USN-3304-1 Critical: Sudo File Overwrite Issue

ubuntu
Calendar Grey May 30, 2017
Dist Ubuntu Esm H88
A severe Sudo flaw permits local adversaries to modify files with admin privileges across various Ubuntu versions.
Sudo could be made to overwrite files as the administrator.

Summary

Sudo could be made to overwrite files as the administrator.

Software Description:

- sudo: Provide limited super user privileges to specific users

Details:

It was discovered that Sudo did not properly parse the contents of

/proc/[pid]/stat when attempting to determine its controlling tty.

A local attacker in some configurations could possibly use this to

overwrite any file on the filesystem, bypassing intended permissions.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
  sudo                            1.8.19p1-1ubuntu1.1
  sudo-ldap                       1.8.19p1-1ubuntu1.1

Ubuntu 16.10:
  sudo                            1.8.16-0ubuntu3.2
  sudo-ldap                       1.8.16-0ubuntu3.2

Ubuntu 16.04 LTS:
  sudo                            1.8.16-0ubuntu1.4
  sudo-ldap                       1.8.16-0ubuntu1.4

Ubuntu 14.04 LTS:
  sudo                            1.8.9p5-1ubuntu1.4
  sudo-ldap                       1.8.9p5-1ubuntu1.4

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3304-1

CVE-2017-1000367

Severity
critical
Lowest
Low
Medium
High
Critical

May 30, 2017

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.