CVE-2017-1000367
Published: 30 May 2017
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.
Notes
Author | Note |
---|---|
sbeattie | code to parse /proc/pid/stat and walk /dev is not present in precise |
Priority
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.4 |
Attack vector | Local |
Attack complexity | High |
Privileges required | High |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |