From 742dfe25646ca49d62bb5f6452a3600f934c798d Mon Sep 17 00:00:00 2001 From: Thomas Deutschmann Date: Tue, 30 May 2017 17:20:25 +0200 Subject: Add GLSA 201705-15 --- glsa-201705-15.xml | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 glsa-201705-15.xml diff --git a/glsa-201705-15.xml b/glsa-201705-15.xml new file mode 100644 index 00000000..688fe87c --- /dev/null +++ b/glsa-201705-15.xml @@ -0,0 +1,57 @@ + + + + sudo: Privilege escalation + A vulnerability in sudo allows local users to gain root privileges. + sudo,privilege + 2017-05-30 + 2017-05-30: 1 + 620182 + local + + + 1.8.20_p1 + 1.8.20_p1 + + + +

sudo (su “do”) allows a system administrator to delegate authority + to give certain users (or groups of users) the ability to run some (or + all) commands as root or another user while providing an audit trail of + the commands and their arguments. +

+ + +

Qualys discovered a vulnerability in sudo’s get_process_ttyname() for + Linux, that via sudo_ttyname_scan() can be directed to use a + user-controlled, arbitrary tty device during its traversal of “/dev” + by utilizing the world-writable /dev/shm. +

+ + +

A local attacker can pretend that his tty is any character device on the + filesystem, and after two race conditions, an attacker can pretend that + the controlled tty is any file on the filesystem allowing for privilege + escalation +

+ + +

There is no known workaround at this time.

+ + +

All sudo users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.8.20_p1" + + + + + + CVE-2017-1000367 + + + K_F + K_F + -- cgit v1.2.3-65-gdbad