Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 620482 (CVE-2017-1000368)

Summary: <app-admin/sudo-1.8.20_p2: get_process_ttyname() allows writing on other user's terminals, incomplete fix for CVE-2017-1000367
Product: Gentoo Security Reporter: Hanno Böck <hanno>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: arthur, base-system
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://bugs.gentoo.org/show_bug.cgi?id=633704
Whiteboard: B1 [glsa]
Package list:
Runtime testing required: ---

Description Hanno Böck gentoo-dev 2017-06-03 08:26:17 UTC 
The fix for CVE-2017-1000367 was incomplete. While it prevents the privilege escalation, it is still possible to trick sudo into writing to other user's terminals.

See update at
https://www.sudo.ws/alerts/linux_tty.html
and
http://www.openwall.com/lists/oss-security/2017/06/02/7

=app-admin/sudo-1.8.20_p2 is already in the tree, but not yet stabilized. Can we start stabilizing
Comment 1 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2017-06-03 11:39:32 UTC 
commit 270a6423a85e65f15a99e95574d5400424fd5612
Author: Lars Wendler <polynomial-c@gentoo.org>
Date:   Sat Jun 3 13:38:09 2017

    app-admin/sudo: Version 1.8.20_p2 stable for all arches (bug #620482).
    
    Fast stabilizing as this is a followup bug of CVE-2017-1000367.
    
    Package-Manager: Portage-2.3.6, Repoman-2.3.2
Comment 2 Volkan 2017-06-21 21:15:19 UTC 
CVE is CVE-2017-1000368
Comment 3 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-10-05 17:59:20 UTC 
GLSA Request filled.

@Maintainers just to confirm if CVE-2017-1000368 is totally fixed.

Thank you,

Gentoo Security Padawan
ChrisADR
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2017-10-08 13:35:21 UTC 
This issue was resolved and addressed in
 GLSA 201710-04 at https://security.gentoo.org/glsa/201710-04
by GLSA coordinator Aaron Bauman (b-man).