06-02-2017, 03:19 AM
A high-severity vulnerability has been reported in Linux that could be exploited by a low privilege attacker to gain full root access on an affected system.
The vulnerability, identified as CVE-2017-1000367, was discovered by researchers at Qualys Security in Sudo's "get_process_ttyname()" function for Linux that could allow a user with Sudo privileges to run commands as root or elevate privileges to root.
1. Make sure to run Menu, Favorites, Install Updates.
2. Open a terminal:
should show the patched version for Series 3.x:
should show the patched version for Series 2.x:
Sources:
https://people.canonical.com/~ubuntu-sec...00367.html
http://thehackernews.com/2017/05/linux-s...-hack.html
The vulnerability, identified as CVE-2017-1000367, was discovered by researchers at Qualys Security in Sudo's "get_process_ttyname()" function for Linux that could allow a user with Sudo privileges to run commands as root or elevate privileges to root.
1. Make sure to run Menu, Favorites, Install Updates.
2. Open a terminal:
Code:
apt policy sudoshould show the patched version for Series 3.x:
Code:
apt policy sudo
sudo:
Installed: 1.8.16-0ubuntu1.4
Candidate: 1.8.16-0ubuntu1.4should show the patched version for Series 2.x:
Code:
apt policy sudo
sudo:
Installed: 1.8.9p5-1ubuntu1.4
Candidate: 1.8.9p5-1ubuntu1.4Sources:
https://people.canonical.com/~ubuntu-sec...00367.html
http://thehackernews.com/2017/05/linux-s...-hack.html
![[Image: X5qGkCg.png]](http://imgur.com/X5qGkCg.png)
![[Image: 0op1GNe.png]](http://i.imgur.com/0op1GNe.png)
![[Image: LgJ2mtP.png]](http://i.imgur.com/LgJ2mtP.png)
![[Image: vLZcFUE.png]](https://imgur.com/vLZcFUE.png)
![[Image: lrUHro3.jpg]](http://i.imgur.com/lrUHro3.jpg)