CVE-2017-1000368 sudo: Privilege escalation via improper get_process_ttyname parsing

Unitrends
Backup
General

CVE ID

CVE-2017-1000368

DESCRIPTION

It was found that the original fix for CVE-2017-1000367 was incomplete. A flaw
was found in the way sudo parsed tty information from the process status file
in the proc filesystem. A local user with privileges to execute commands via
sudo could use this flaw to escalate their privileges to root.

CVSS3 Base Score 7.3
Related CVEs: CVE-2017-1000367

RESOLUTION

Fixed in latest Unitrends security update with
sudo-1.8.6p3-29.el6_9

LINK TO ADVISORIES

https://nvd.nist.gov/vuln/detail/CVE-2017-1000368 https://access.redhat.com/security/cve/cve-2017-1000368 https://access.redhat.com/security/cve/cve-2017-1000367

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Contact us

Browse this section

How to upgrade the appliance via Unitrends' media (Air Gap / Offline updates)
Release Notes for Recovery Series, Recovery Max, and Unitrends Backup 10.5.2
CBTDriverError:uvbCbtSnapshotCreationStarted <CBT_CTL_DUPLICATE_SNAPSHOT_CREATE>
Release Notes for Recovery Series, Recovery Max, and Unitrends Backup 10.5.1
Release Notes for Recovery Series, Recovery Max, and Unitrends Backup 10.5
UnitrendsMSP: Remove appliance
Steps to perform post a successful migration steps on CentOS6 UB (CentOS6 to CentOS7)
Release Notes for Recovery Series, Recovery Max, and Unitrends Backup 10.4.11
Upgrade fails when upgrading from version 10.2 or older
8002-8012 appliance disk replacement process