
    Linux Security Advisory – Sudo Vulnerability in Linux [CVE-2017-1000367]

    By Rahul | June 3, 2017 | 1 Min Read

    A vulnerability has been discovered in sudo's get_process_ttyname() function on Linux. This function opens "/proc/[pid]/stat" (man proc) and reads the device number of the tty from field 7 (tty_nr). Unfortunately, these fields are space-separated and field 2 (comm, the filename of the command) can contain spaces (CVE-2017-1000367).
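
The parsing problem described above, as an added example (not sudo's own code and not part of the original article): a C program that reads field 7 from a constructed /proc/[pid]/stat line, first by counting spaces from the start of the line and then by starting after the last ')' that closes comm. The function names and the sample line are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample of /proc/[pid]/stat (not captured from a real system):
 * comm is "(a b c d e 99999)" and the real tty_nr (field 7) is 34816. */
static const char SAMPLE_STAT[] =
    "4242 (a b c d e 99999) S 4241 4242 4241 34816 4242 4194304";

/* Return the Nth (1-based) space-separated token of s as a long, or -1. */
static long nth_field(const char *s, int n)
{
    int field = 1;
    while (*s != '\0') {
        if (field == n) {
            char *end;
            long v = strtol(s, &end, 10);
            return (end == s) ? -1 : v;
        }
        s = strchr(s, ' ');
        if (s == NULL) break;
        s++;
        field++;
    }
    return -1;
}

/* Flawed: counts spaces from the start, so spaces inside comm shift fields. */
long naive_tty_nr(const char *stat_line)
{
    return nth_field(stat_line, 7);
}

/* Robust: comm ends at the LAST ')'. The token after ") " is state (field 3),
 * so tty_nr (field 7) is the 5th token from there. */
long robust_tty_nr(const char *stat_line)
{
    const char *rp = strrchr(stat_line, ')');
    if (rp == NULL || rp[1] != ' ')
        return -1;
    return nth_field(rp + 2, 5);
}

int main(void)
{
    printf("naive : %ld\n", naive_tty_nr(SAMPLE_STAT));
    printf("robust: %ld\n", robust_tty_nr(SAMPLE_STAT));
    return 0;
}
```

On a line whose comm has no spaces, both functions return the same value; they diverge only when comm contains spaces, which is the case the advisory describes.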


    How to Fix?

    This vulnerability affected most Linux operating systems. To fix it, update the sudo package on your Linux system immediately.

    Debian Based Systems:
    $ sudo apt update 
    $ sudo apt install sudo
    
    Redhat Based Systems:
    $ sudo yum install sudo 
    
    Fedora 22+ Systems:
    $ sudo dnf install sudo 
    
    

    References: For more details about the CVE-2017-1000367 vulnerability, visit the following links.

    https://www.sudo.ws/alerts/linux_tty.html
    http://www.openwall.com/lists/oss-security/2017/05/30/16
    https://access.redhat.com/security/vulnerabilities/3059071
