CVE-2017-1000368
published 2017-06-05CVE-2017-1000368: Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in…
high8.2CVSS 3.0
AVLACLPRHUINSCCHIHAH
Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | sudo | < sudo 1.8.20p1-1.1 (bookworm) | sudo 1.8.20p1-1.1 (bookworm) |
| sudo_project | sudo | <= 1.8.20 | — |
| sudo_project | sudo | — | — |
| sudo_project | sudo | >= 0 < 1.8.20p1-1.1 | 1.8.20p1-1.1 |
| sudo_project | sudo | >= 0 < 1.8.20p1-1.1 | 1.8.20p1-1.1 |
| sudo_project | sudo | >= 0 < 1.8.20p1-1.1 | 1.8.20p1-1.1 |
| sudo_project | sudo | >= 0 < 1.8.20p1-1.1 | 1.8.20p1-1.1 |
| sudo_project | sudo | >= 0 < 1.8.16-0ubuntu1.6 | 1.8.16-0ubuntu1.6 |
| sudo_project | sudo | >= 0 < 1.8.9p5-1ubuntu1.5+esm1 | 1.8.9p5-1ubuntu1.5+esm1 |
CVSS provenance
nvdv3.08.2HIGHCVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
osv8.2HIGH