Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 620482 (CVE-2017-1000368) - <app-admin/sudo-1.8.20_p2: get_process_ttyname() allows writing on other user's terminals, incomplete fix for CVE-2017-1000367
Summary: <app-admin/sudo-1.8.20_p2: get_process_ttyname() allows writing on other user...
Status: RESOLVED FIXED
Alias: CVE-2017-1000368
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B1 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-06-03 08:26 UTC by Hanno Böck
Modified: 2017-10-10 00:21 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2017-06-03 08:26:17 UTC
The fix for CVE-2017-1000367 was incomplete. While it prevents the privilege escalation, it is still possible to trick sudo into writing to other user's terminals.

See update at
https://www.sudo.ws/alerts/linux_tty.html
and
http://www.openwall.com/lists/oss-security/2017/06/02/7

=app-admin/sudo-1.8.20_p2 is already in the tree, but not yet stabilized. Can we start stabilizing
Comment 1 Lars Wendler (Polynomial-C) gentoo-dev 2017-06-03 11:39:32 UTC
commit 270a6423a85e65f15a99e95574d5400424fd5612
Author: Lars Wendler <polynomial-c@gentoo.org>
Date:   Sat Jun 3 13:38:09 2017

    app-admin/sudo: Version 1.8.20_p2 stable for all arches (bug #620482).
    
    Fast stabilizing as this is a followup bug of CVE-2017-1000367.
    
    Package-Manager: Portage-2.3.6, Repoman-2.3.2
Comment 2 Volkan 2017-06-21 21:15:19 UTC
CVE is CVE-2017-1000368
Comment 3 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-10-05 17:59:20 UTC
GLSA Request filled.

@Maintainers just to confirm if CVE-2017-1000368 is totally fixed.

Thank you,

Gentoo Security Padawan
ChrisADR
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2017-10-08 13:35:21 UTC
This issue was resolved and addressed in
 GLSA 201710-04 at https://security.gentoo.org/glsa/201710-04
by GLSA coordinator Aaron Bauman (b-man).