CVE-2017-1000368: Input Validation
First published: Mon Jun 05 2017(Updated: )
Last updated 24 July 2024
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sudo Project Sudo | <=1.8.20 | |
| Sudo Project Sudo | =1.8.20-p1 | |
| redhat/sudo | <1.8.20 | 1.8.20 |
| debian/sudo | 1.9.5p2-3+deb11u1 1.9.13p3-1+deb12u1 1.9.16-2 1.9.16p1-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/98838
- https://access.redhat.com/errata/RHSA-2017:1574
- https://kc.mcafee.com/corporate/index?page=content&id=SB10205
- https://security.gentoo.org/glsa/201710-04
- https://usn.ubuntu.com/3968-1/
- https://usn.ubuntu.com/3968-2/
- https://www.sudo.ws/alerts/linux_tty.html
- https://kc.mcafee.com/corporate/index?page=content&id=SB10205
- https://launchpad.net/bugs/cve/CVE-2017-1000368
- https://access.redhat.com/security/vulnerabilities/3059071
- https://access.redhat.com/security/cve/CVE-2017-1000367
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1458425
- https://www.sudo.ws/repos/sudo/rev/15a46f4007dd
- https://bugzilla.redhat.com/show_bug.cgi?id=1459152
- https://www.openwall.com/lists/oss-security/2017/06/02/7
- https://www.sudo.ws/repos/sudo/raw-rev/15a46f4007dd
- https://security-tracker.debian.org/tracker/CVE-2017-1000368
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000368
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000368
- https://ubuntu.com/security/CVE-2017-1000368
Frequently Asked Questions
What is the vulnerability ID for this security issue?
The vulnerability ID for this security issue is CVE-2017-1000368.
What is the title of this vulnerability?
The title of this vulnerability is 'Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.'
What is the severity of CVE-2017-1000368?
The severity of CVE-2017-1000368 is high with a CVSS score of 8.2.
What software versions are affected by this vulnerability?
Sudo version 1.8.20p1 and earlier are affected by this vulnerability.
How can I fix CVE-2017-1000368?
To fix CVE-2017-1000368, update to sudo version 1.8.20 or higher.
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/remedy
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2017-1000368
- agent/description
- agent/weakness
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- collector/usn-cve
- source/Ubuntu
- vendor/sudo project
- canonical/sudo project sudo
- version/sudo project sudo/1.8.20
- version/sudo project sudo/1.8.20-p1
- package-manager/redhat
- package-manager/debian