CVE-2017-1000367: Vulnerability allow user to access root privileges

May 30, 2017, foreign security researchers found that the Linux link, you can achieve through sudo local vulnerabilities, vulnerability number CVE-2017-1000367, the vulnerability almost affects all Linux systems.Specific details are as follows:

Vulnerability number:

CVE-2017-1000367

Official Rating:

High risk

Vulnerability description:

When determining tty, Sudo does not correctly parse the contents of /proc/[pid]/ stat, local attackers may use this method to overwrite any file on the file system, bypassing expected permissions or getting the root shell.

Exploit conditions and methods:

Local

Affected Version:

Sudo 1.8.6p7 to 1.8.20

Red Hat Enterprise Linux 6 (sudo)

Red Hat Enterprise Linux 7 (sudo)

Red Hat Enterprise Linux Server (v. 5 ELS) (sudo)

Debian wheezy

Debian jessie

Debian stretch

Debian sid

Ubuntu 17.04

Ubuntu 16.10

Ubuntu 16.04 LTS

Ubuntu 14.04 LTS

SUSE Linux Enterprise Software Development Kit 12-SP2

SUSE Linux Enterprise Server for Raspberry Pi 12-SP2

SUSE Linux Enterprise Server 12-SP2

SUSE Linux Enterprise Desktop 12-SP2

OpenSuse

Vulnerability Detection:

You can use the following command to view the sudo version:

Sudo-v

Bug fixes (or mitigation measures):

At present Ali cloud official software source has been updated, you can update the patch by the following order:

Ubuntu/Debian:

sudo apt-get update & sudo apt-get upgrade

CentOS / RHEL:

yum update

yum update sudo

Note: upgrading the kernel may cause the server to fail to start, it is recommended that you upgrade the patch to exclude the kernel upgrade

Open /etc/yum.conf, type:

# Vi /etc/yum.conf

In the [main] section, add a line below, as follows:

Exclude = kernel* // This assumes that the kernel is removed

Reference: openwall