PT-2017-2106 · Sudo+5
Jakub Wilk · Published 2017-05-30 · Updated 2024-06-15
CVE-2017-1000367
CVSS v2.0: 6.9 (Medium)
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
sudo versions 1.8.20 and earlier
Description
The issue is related to insufficient input validation in the get_process_ttyname() function, allowing for information disclosure and command execution. This can be exploited by creating a symbolic link to the Sudo executable with a specially crafted name containing a space followed by a number. When run, Sudo attempts to determine the tty device number but can be tricked into using an arbitrary device number not associated with any existing device in the /dev directory. If Sudo does not find a terminal in /dev/pts, it searches in /dev, allowing an attacker to create a fake terminal and set up a symbolic link to it, which Sudo will then consider as the current terminal. This can enable a local attacker to elevate privileges to the superuser level and execute arbitrary code.
Recommendations
For sudo versions 1.8.20 and earlier, consider disabling the get_process_ttyname() function as a temporary workaround until a patch is available. Restrict access to the Sudo executable to minimize the risk of exploitation. Avoid using Sudo with specially crafted file names containing spaces until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Race Condition
RCE
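On Linux, get_process_ttyname() takes the tty device number from field 7 of /proc/[pid]/stat, where field 2 is the command name in parentheses. The added example below (not sudo's code; the function names and both sample lines are constructed for illustration) shows how a name with spaces shifts a field-counting parser, and how resuming after the last ')' avoids it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed /proc/[pid]/stat lines; the real tty_nr (field 7) is 34817. */
static const char *STAT_NORMAL  = "4242 (sudo) R 4100 4242 4100 34817 4242 4194304";
static const char *STAT_CRAFTED = "4242 (a b c d e 9999) R 4100 4242 4100 34817 4242 4194304";

/* Return the n-th (1-based) space-separated token of s as a number, or -1. */
static long nth_field(const char *s, int n)
{
    while (*s != '\0') {
        s += strspn(s, " ");
        if (*s == '\0')
            break;
        if (--n == 0) {
            char *end;
            long v = strtol(s, &end, 10);
            return end != s ? v : -1;
        }
        s += strcspn(s, " ");
    }
    return -1;
}

/* Flawed approach: count fields from the start of the line, so spaces in
 * the command name (field 2) shift every later field. */
static long tty_nr_naive(const char *line)
{
    return nth_field(line, 7);
}

/* Hardened approach: the command name is the only free-form field, so
 * resume after the LAST ')' where state is field 3 and tty_nr is the
 * fifth token. */
static long tty_nr_hardened(const char *line)
{
    const char *close = strrchr(line, ')');
    return close != NULL ? nth_field(close + 1, 5) : -1;
}

int main(void)
{
    printf("normal : naive=%ld hardened=%ld\n",
           tty_nr_naive(STAT_NORMAL), tty_nr_hardened(STAT_NORMAL));
    printf("crafted: naive=%ld hardened=%ld\n",
           tty_nr_naive(STAT_CRAFTED), tty_nr_hardened(STAT_CRAFTED));
    return 0;
}
```

A useful regression check for any code that reads /proc/[pid]/stat is to feed it command names containing spaces and parentheses and confirm the later fields do not move.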
Related Identifiers
Affected Products
ALT Linux
CentOS
Red Hat
SUSE
Ubuntu
Sudo