Linux Lite 4.6 Final has been released. See the Release Announcements section for more information.



[ SECURITY ] SUDO Flaw CVE-2017-1000367 Series 2.x Series 3.x


SUDO Flaw CVE-2017-1000367 Series 2.x Series 3.x
« on: June 01, 2017, 11:19:40 PM »
 

Jerry

A high-severity vulnerability has been reported in Linux that could be exploited by a low privilege attacker to gain full root access on an affected system.
The vulnerability, identified as CVE-2017-1000367, was discovered by researchers at Qualys Security in Sudo's "get_process_ttyname()" function for Linux that could allow a user with Sudo privileges to run commands as root or elevate privileges to root.

1. Make sure to run Menu, Favorites, Install Updates.

2. Open a terminal:

Code:
apt policy sudo

should show the patched version for Series 3.x:

Code:
apt policy sudo
sudo:
  Installed: 1.8.16-0ubuntu1.4
  Candidate: 1.8.16-0ubuntu1.4

should show the patched version for Series 2.x:

Code:
apt policy sudo
sudo:
  Installed: 1.8.9p5-1ubuntu1.4
  Candidate: 1.8.9p5-1ubuntu1.4

Sources:

https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000367.html

http://thehackernews.com/2017/05/linux-sudo-root-hack.html
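
The version check from the post above as a script, added here as an example and not part of the original thread: it compares the installed sudo package with the fixed versions quoted in the post. The function names and the series argument (2 or 3) are assumptions of this example; the installed version is read with dpkg-query because the labels in apt policy output are translated, as the Dutch output in reply #2 shows.

```shell
#!/bin/sh
# Added example: check the installed sudo package against the fixed versions
# quoted in the post (Series 3.x and Series 2.x). Function names are made up here.

# Fixed package version for a Linux Lite series, as given in the post.
fixed_for_series() {
    case "$1" in
        3) echo "1.8.16-0ubuntu1.4" ;;
        2) echo "1.8.9p5-1ubuntu1.4" ;;
        *) return 1 ;;
    esac
}

# version_ge A B: succeed when package version A is at or above B.
# dpkg applies the real Debian ordering; the sort -V fallback is only an
# approximation, adequate for the version strings on this page.
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
    fi
}

# check_sudo SERIES [INSTALLED]
# INSTALLED defaults to the dpkg database entry, which is not translated
# (the labels in apt policy output are, as the Dutch output in reply #2 shows).
check_sudo() {
    fixed=$(fixed_for_series "$1") || { echo "unknown series: $1" >&2; return 2; }
    installed=${2:-$(dpkg-query -W -f='${Version}' sudo 2>/dev/null || true)}
    [ -n "$installed" ] || { echo "cannot read installed sudo version" >&2; return 2; }
    if version_ge "$installed" "$fixed"; then
        echo "OK: sudo $installed is at or above $fixed"
    else
        echo "NOT PATCHED: sudo $installed is older than $fixed, run Install Updates"
        return 1
    fi
}

# Usage: sh check_sudo.sh 3      (or 2 for Series 2.x)
if [ "$#" -gt 0 ]; then
    check_sudo "$@"
fi
```

The exit status is 0 when the package is at or above the fixed version, 1 when it is older, and 2 when the series is unknown or the version cannot be read.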
 


Re: SUDO Flaw CVE-2017-1000367 Series 2.x Series 3.x
« Reply #1 on: June 02, 2017, 12:32:54 AM »
 

bluzeo

This had to happen when I'm not even near my rig... I'll do it ASAP...

 

Re: SUDO Flaw CVE-2017-1000367 Series 2.x Series 3.x
« Reply #2 on: June 02, 2017, 03:25:37 AM »
 

TMG1961

Thanks Jerry. This is my outcome. Just wondering why I have some extra lines. Or did you just leave them out?

Code:
theo@Lenovo-B50-30:~$ apt policy sudo
sudo:
  Geïnstalleerd: 1.8.16-0ubuntu1.4
  Kandidaat:     1.8.16-0ubuntu1.4
  Versietabel:
 *** 1.8.16-0ubuntu1.4 500
        500 http://ftp.tudelft.nl/archive.ubuntu.com xenial-updates/main amd64 Packages
        500 http://ftp.tudelft.nl/archive.ubuntu.com xenial-security/main amd64 Packages
        100 /var/lib/dpkg/status
     1.8.16-0ubuntu1 500
        500 http://ftp.tudelft.nl/archive.ubuntu.com xenial/main amd64 Packages
theo@Lenovo-B50-30:~$
 

Re: SUDO Flaw CVE-2017-1000367 Series 2.x Series 3.x
« Reply #3 on: June 02, 2017, 03:32:21 AM »
 

Jerry

@TMG1961 left them out.
 

Re: SUDO Flaw CVE-2017-1000367 Series 2.x Series 3.x
« Reply #4 on: June 02, 2017, 03:35:04 AM »
 

TMG1961

@TMG1961 left them out.

Thanks... thought I had some special thingy going on in here. Glad to hear all is fine.
 

Re: SUDO Flaw CVE-2017-1000367 Series 2.x Series 3.x
« Reply #5 on: June 02, 2017, 03:52:23 AM »
 

Jocklad

Checked and all good on LL 3.4x64  :)
 

Re: SUDO Flaw CVE-2017-1000367 Series 2.x Series 3.x
« Reply #6 on: June 02, 2017, 04:26:45 PM »
 

bluzeo

Hmmm. So don't do it in the terminal??? Gotcha


 

Re: SUDO Flaw CVE-2017-1000367 Series 2.x Series 3.x
« Reply #7 on: June 02, 2017, 05:15:04 PM »
 

bitsnpcs

Thank you Jerry  :)
I have checked and it is the version you specified.
When running Menu>Favorites>Install Updates there was an update for sudo.
 

