CVE-2017-1000367
published 2017-06-05CVE-2017-1000367: Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in…
medium6.4CVSS 3.0
AVLACHPRHUINSUCHIHAH
EXPLOIT
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | sudo | < sudo 1.8.20p1-1 (bookworm) | sudo 1.8.20p1-1 (bookworm) |
| sudo_project | sudo | <= 1.8.20 | — |
| sudo_project | sudo | >= 0 < 1.8.20p1-1 | 1.8.20p1-1 |
| sudo_project | sudo | >= 0 < 1.8.20p1-1 | 1.8.20p1-1 |
| sudo_project | sudo | >= 0 < 1.8.20p1-1 | 1.8.20p1-1 |
| sudo_project | sudo | >= 0 < 1.8.20p1-1 | 1.8.20p1-1 |
CVSS provenance
nvdv3.06.4MEDIUMCVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
osv6.4MEDIUM
vulncheck6.4MEDIUM