Linux Lite Forums General Security & Bug Fixes v
SUDO Flaw CVE-2017-1000367 Series 2.x Series 3.x


Linux Lite 7.6 Final Released - Click here for more


Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Threaded Mode
SUDO Flaw CVE-2017-1000367 Series 2.x Series 3.x
Valtam Offline
Administrator
*******
Posts: 8,984
Threads: 564
Joined: Feb 2014
Reputation: 10
#1
06-02-2017, 03:19 AM
A high-severity vulnerability has been reported in Linux that could be exploited by a low privilege attacker to gain full root access on an affected system.
The vulnerability, identified as CVE-2017-1000367, was discovered by researchers at Qualys Security in Sudo's "get_process_ttyname()" function for Linux that could allow a user with Sudo privileges to run commands as root or elevate privileges to root.

1. Make sure to run Menu, Favorites, Install Updates.

2. Open a terminal:

Code:
apt policy sudo

should show the patched version for Series 3.x:

Code:
apt policy sudo
sudo:
  Installed: 1.8.16-0ubuntu1.4
  Candidate: 1.8.16-0ubuntu1.4

should show the patched version for Series 2.x:

Code:
apt policy sudo
sudo:
  Installed: 1.8.9p5-1ubuntu1.4
  Candidate: 1.8.9p5-1ubuntu1.4

Sources:

https://people.canonical.com/~ubuntu-sec...00367.html

http://thehackernews.com/2017/05/linux-s...-hack.html
Download your free copy of Linux Lite today.

Jerry Bezencon
Linux Lite Creator

"Do not correct a fool, or he will hate you; correct a wise man and he will appreciate you."

[Image: X5qGkCg.png]

[Image: 0op1GNe.png] [Image: LgJ2mtP.png] [Image: vLZcFUE.png] [Image: lrUHro3.jpg]
Website Find
Reply
bluzeo Offline

*****
Posts: 235
Threads: 61
Joined: May 2016
Reputation: 0
#2
06-02-2017, 04:32 AM
this had to happen when im  not even near my rig... ill do asap...

Sent from my SAMSUNG-SM-G920A using Tapatalk

hey guys im Bluzeo and Linux Lite user that got his own open source company!
Find
Reply
TMG1961 Offline
Senior Member
*****
Posts: 591
Threads: 46
Joined: Nov 2014
Reputation: 0
#3
06-02-2017, 07:25 AM
Thanks Jerry. This my outcome. Just wondering why i have some extra lines. Or did you just leave them out?

Code:
theo@Lenovo-B50-30:~$ apt policy sudo
sudo:
  Geïnstalleerd: 1.8.16-0ubuntu1.4
  Kandidaat:     1.8.16-0ubuntu1.4
  Versietabel:
*** 1.8.16-0ubuntu1.4 500
        500 http://ftp.tudelft.nl/archive.ubuntu.com xenial-updates/main amd64 Packages
        500 http://ftp.tudelft.nl/archive.ubuntu.com xenial-security/main amd64 Packages
        100 /var/lib/dpkg/status
     1.8.16-0ubuntu1 500
        500 http://ftp.tudelft.nl/archive.ubuntu.com xenial/main amd64 Packages
theo@Lenovo-B50-30:~$
Life on earth is expensive but it does include a free trip around the sun.
Find
Reply
Valtam Offline
Administrator
*******
Posts: 8,984
Threads: 564
Joined: Feb 2014
Reputation: 10
#4
06-02-2017, 07:32 AM
[member=3473]TMG1961[/member] left them out.
Download your free copy of Linux Lite today.

Jerry Bezencon
Linux Lite Creator

"Do not correct a fool, or he will hate you; correct a wise man and he will appreciate you."

[Image: X5qGkCg.png]

[Image: 0op1GNe.png] [Image: LgJ2mtP.png] [Image: vLZcFUE.png] [Image: lrUHro3.jpg]
Website Find
Reply
TMG1961 Offline
Senior Member
*****
Posts: 591
Threads: 46
Joined: Nov 2014
Reputation: 0
#5
06-02-2017, 07:35 AM
(06-02-2017, 07:32 AM)Jerry link Wrote: [member=3473]TMG1961[/member] left them out.

thanks...thought i had some special thingy going in here. glad to hear all is fine.
Life on earth is expensive but it does include a free trip around the sun.
Find
Reply
Jocklad Offline
Senior Member
****
Posts: 508
Threads: 55
Joined: Jan 2015
#6
06-02-2017, 07:52 AM
Checked and all good on LL 3.4x64  Smile
Find
Reply
bluzeo Offline

*****
Posts: 235
Threads: 61
Joined: May 2016
Reputation: 0
#7
06-02-2017, 08:26 PM
Hmmm. So don't do it in the. Terminal??? Gotch ya


God not dead! He roaring like an Lion.
hey guys im Bluzeo and Linux Lite user that got his own open source company!
Find
Reply
bitsnpcs Offline
Platinum Member
*****
Posts: 3,237
Threads: 125
Joined: Jul 2014
Reputation: 0
#8
06-02-2017, 09:15 PM
Thank you Jerry  Smile
I have checked and it is the version you specified.
When running Menu>Favorites>Install Updates there was an update for sudo.
Website Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)