General > Security & Bug Fixes

SUDO Flaw CVE-2017-1000367 Series 2.x Series 3.x

<< < (2/2)

TMG1961:
Thanks Jerry. This my outcome. Just wondering why i have some extra lines. Or did you just leave them out?


--- Code: ---theo@Lenovo-B50-30:~$ apt policy sudo
sudo:
  Geïnstalleerd: 1.8.16-0ubuntu1.4
  Kandidaat:     1.8.16-0ubuntu1.4
  Versietabel:
 *** 1.8.16-0ubuntu1.4 500
        500 http://ftp.tudelft.nl/archive.ubuntu.com xenial-updates/main amd64 Packages
        500 http://ftp.tudelft.nl/archive.ubuntu.com xenial-security/main amd64 Packages
        100 /var/lib/dpkg/status
     1.8.16-0ubuntu1 500
        500 http://ftp.tudelft.nl/archive.ubuntu.com xenial/main amd64 Packages
theo@Lenovo-B50-30:~$
--- End code ---

bluzeo:
this had to happen when im  not even near my rig... ill do asap...

Sent from my SAMSUNG-SM-G920A using Tapatalk

Jerry:
A high-severity vulnerability has been reported in Linux that could be exploited by a low privilege attacker to gain full root access on an affected system.
The vulnerability, identified as CVE-2017-1000367, was discovered by researchers at Qualys Security in Sudo's "get_process_ttyname()" function for Linux that could allow a user with Sudo privileges to run commands as root or elevate privileges to root.

1. Make sure to run Menu, Favorites, Install Updates.

2. Open a terminal:


--- Code: ---apt policy sudo
--- End code ---

should show the patched version for Series 3.x:


--- Code: ---apt policy sudo
sudo:
  Installed: 1.8.16-0ubuntu1.4
  Candidate: 1.8.16-0ubuntu1.4
--- End code ---

should show the patched version for Series 2.x:


--- Code: ---apt policy sudo
sudo:
  Installed: 1.8.9p5-1ubuntu1.4
  Candidate: 1.8.9p5-1ubuntu1.4
--- End code ---

Sources:

https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000367.html

http://thehackernews.com/2017/05/linux-sudo-root-hack.html

Navigation

[0] Message Index

[*] Previous page