CVE-2017-1000367CVE-2017-1000367

Affected configuration(s):

cpe:/a:todd_miller:sudo:1.8.20

Date published: 2017-06-05T10:29:00.200-04:00

Date last modified: 2017-08-12T21:29:15.537-04:00

CVSS Score: 6.9

Principal attack vector: LOCAL

Complexity:  MEDIUM

Reference URL: http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00077.html

Summary: Todd Miller’s sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.