CVE-2017-1000367: Vulnerability allow user to access root privileges
May 30, 2017, foreign security researchers found that the Linux link, you can achieve through sudo local vulnerabilities, vulnerability number CVE-2017-1000367, the vulnerability almost affects all Linux systems.Specific details are as follows:
Vulnerability number:
CVE-2017-1000367
Official Rating:
High risk
Vulnerability description:
When determining tty, Sudo does not correctly parse the contents of /proc/[pid]/ stat, local attackers may use this method to overwrite any file on the file system, bypassing expected permissions or getting the root shell.
Exploit conditions and methods:
Local
Affected Version:
Sudo 1.8.6p7 to 1.8.20
Red Hat Enterprise Linux 6 (sudo)
Red Hat Enterprise Linux 7 (sudo)
Red Hat Enterprise Linux Server (v. 5 ELS) (sudo)
Debian wheezy
Debian jessie
Debian stretch
Debian sid
Ubuntu 17.04
Ubuntu 16.10
Ubuntu 16.04 LTS
Ubuntu 14.04 LTS
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Desktop 12-SP2
OpenSuse
Vulnerability Detection:
You can use the following command to view the sudo version:
Sudo-v
Bug fixes (or mitigation measures):
At present Ali cloud official software source has been updated, you can update the patch by the following order:
Ubuntu/Debian:
sudo apt-get update & sudo apt-get upgrade
CentOS / RHEL:
yum update
yum update sudo
Note: upgrading the kernel may cause the server to fail to start, it is recommended that you upgrade the patch to exclude the kernel upgrade
Open /etc/yum.conf, type:
# Vi /etc/yum.conf
In the [main] section, add a line below, as follows:
Exclude = kernel* // This assumes that the kernel is removed
Reference: openwall