Linux Lite Forums
General => Security & Bug Fixes => Topic started by: Jerry on June 01, 2017, 11:19:40 PM
-
A high-severity vulnerability has been reported in Linux that could be exploited by a low privilege attacker to gain full root access on an affected system.
The vulnerability, identified as CVE-2017-1000367, was discovered by researchers at Qualys Security in Sudo's "get_process_ttyname()" function for Linux that could allow a user with Sudo privileges to run commands as root or elevate privileges to root.
1. Make sure to run Menu, Favorites, Install Updates.
2. Open a terminal:
apt policy sudo
should show the patched version for Series 3.x:
apt policy sudo
sudo:
Installed: 1.8.16-0ubuntu1.4
Candidate: 1.8.16-0ubuntu1.4
should show the patched version for Series 2.x:
apt policy sudo
sudo:
Installed: 1.8.9p5-1ubuntu1.4
Candidate: 1.8.9p5-1ubuntu1.4
Sources:
https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000367.html
http://thehackernews.com/2017/05/linux-sudo-root-hack.html
-
this had to happen when im not even near my rig... ill do asap...
Sent from my SAMSUNG-SM-G920A using Tapatalk
-
Thanks Jerry. This my outcome. Just wondering why i have some extra lines. Or did you just leave them out?
theo@Lenovo-B50-30:~$ apt policy sudo
sudo:
Geïnstalleerd: 1.8.16-0ubuntu1.4
Kandidaat: 1.8.16-0ubuntu1.4
Versietabel:
*** 1.8.16-0ubuntu1.4 500
500 http://ftp.tudelft.nl/archive.ubuntu.com xenial-updates/main amd64 Packages
500 http://ftp.tudelft.nl/archive.ubuntu.com xenial-security/main amd64 Packages
100 /var/lib/dpkg/status
1.8.16-0ubuntu1 500
500 http://ftp.tudelft.nl/archive.ubuntu.com xenial/main amd64 Packages
theo@Lenovo-B50-30:~$
-
@TMG1961 left them out.
-
@TMG1961 left them out.
thanks...thought i had some special thingy going in here. glad to hear all is fine.
-
Checked and all good on LL 3.4x64 :)
-
Hmmm. So don't do it in the. Terminal??? Gotch ya
God not dead! He roaring like an Lion.
-
Thank you Jerry :)
I have checked and it is the version you specified.
When running Menu>Favorites>Install Updates there was an update for sudo.