SUDO Flaw CVE-2017-1000367 Series 2.x Series 3.x

SUDO Flaw CVE-2017-1000367 Series 2.x Series 3.x - Printable Version

+- Linux Lite Forums (https://www.freecinema2022.gq/forums)
+-- Forum: General (https://www.freecinema2022.gq/forums/forumdisplay.php?fid=4)
+--- Forum: Security & Bug Fixes (https://www.freecinema2022.gq/forums/forumdisplay.php?fid=16)
+--- Thread: SUDO Flaw CVE-2017-1000367 Series 2.x Series 3.x (/showthread.php?tid=4121)

SUDO Flaw CVE-2017-1000367 Series 2.x Series 3.x - Valtam - 06-02-2017

A high-severity vulnerability has been reported in Linux that could be exploited by a low privilege attacker to gain full root access on an affected system.
The vulnerability, identified as CVE-2017-1000367, was discovered by researchers at Qualys Security in Sudo's "get_process_ttyname()" function for Linux that could allow a user with Sudo privileges to run commands as root or elevate privileges to root.

1. Make sure to run Menu, Favorites, Install Updates.

2. Open a terminal:

Code:
apt policy sudo

should show the patched version for Series 3.x:

Code:
apt policy sudo

sudo:

  Installed: 1.8.16-0ubuntu1.4

  Candidate: 1.8.16-0ubuntu1.4

should show the patched version for Series 2.x:

Code:
apt policy sudo

sudo:

  Installed: 1.8.9p5-1ubuntu1.4

  Candidate: 1.8.9p5-1ubuntu1.4

Sources:

https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000367.html

http://thehackernews.com/2017/05/linux-sudo-root-hack.html

Re: SUDO Flaw CVE-2017-1000367 Series 2.x Series 3.x - bluzeo - 06-02-2017

this had to happen when im not even near my rig... ill do asap...

Sent from my SAMSUNG-SM-G920A using Tapatalk

Re: SUDO Flaw CVE-2017-1000367 Series 2.x Series 3.x - TMG1961 - 06-02-2017

Thanks Jerry. This my outcome. Just wondering why i have some extra lines. Or did you just leave them out?

Code:
theo@Lenovo-B50-30:~$ apt policy sudo

sudo:

  Geïnstalleerd: 1.8.16-0ubuntu1.4

  Kandidaat:     1.8.16-0ubuntu1.4

  Versietabel:

 *** 1.8.16-0ubuntu1.4 500

        500 http://ftp.tudelft.nl/archive.ubuntu.com xenial-updates/main amd64 Packages

        500 http://ftp.tudelft.nl/archive.ubuntu.com xenial-security/main amd64 Packages

        100 /var/lib/dpkg/status

     1.8.16-0ubuntu1 500

        500 http://ftp.tudelft.nl/archive.ubuntu.com xenial/main amd64 Packages

theo@Lenovo-B50-30:~$

Re: SUDO Flaw CVE-2017-1000367 Series 2.x Series 3.x - Valtam - 06-02-2017

[member=3473]TMG1961[/member] left them out.

Re: SUDO Flaw CVE-2017-1000367 Series 2.x Series 3.x - TMG1961 - 06-02-2017

(06-02-2017, 07:32 AM)Jerry link Wrote: [member=3473]TMG1961[/member] left them out.

thanks...thought i had some special thingy going in here. glad to hear all is fine.

Re: SUDO Flaw CVE-2017-1000367 Series 2.x Series 3.x - Jocklad - 06-02-2017

Checked and all good on LL 3.4x64 Smile

Re: SUDO Flaw CVE-2017-1000367 Series 2.x Series 3.x - bluzeo - 06-02-2017

Hmmm. So don't do it in the. Terminal??? Gotch ya

God not dead! He roaring like an Lion.

Re: SUDO Flaw CVE-2017-1000367 Series 2.x Series 3.x - bitsnpcs - 06-02-2017

Thank you Jerry Smile

I have checked and it is the version you specified.
When running Menu>Favorites>Install Updates there was an update for sudo.