CVE-2017-1000367

MEDIUM EXPLOITED

Todd Miller's sudo <1.8.20 - Info Disclosure & Command Execution

Title source: llm
STIX 2.1

Description

Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.

Exploits (5)

exploitdb WORKING POC
by Qualys Corporation · clocallinux
https://www.exploit-db.com/exploits/42183
nomisec WORKING POC 113 stars
by c0d3z3r0 · infoleak
https://github.com/c0d3z3r0/sudo-CVE-2017-1000367
nomisec WORKING POC 6 stars
by pucerpocok · infoleak
https://github.com/pucerpocok/sudo_exploit
nomisec WORKING POC 1 stars
by homjxi0e · infoleak
https://github.com/homjxi0e/CVE-2017-1000367
nomisec WORKING POC
by letsr00t · local
https://github.com/letsr00t/CVE-2017-1000367

References (18)

Core 18
Core References
Third Party Advisory vendor-advisory
http://www.ubuntu.com/usn/USN-3304-1
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/201705-15
Third Party Advisory, VDB Entry vdb-entry
http://www.securityfocus.com/bid/98745
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2017/Jun/3
Third Party Advisory vendor-advisory
https://access.redhat.com/errata/RHSA-2017:1382
Third Party Advisory vendor-advisory
http://www.debian.org/security/2017/dsa-3867
Third Party Advisory, VDB Entry exploit
https://www.exploit-db.com/exploits/42183/
Exploit, Mailing List, Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2017/05/30/16
Third Party Advisory vendor-advisory
https://access.redhat.com/errata/RHSA-2017:1381
Exploit, Third Party Advisory, VDB Entry vdb-entry
http://www.securitytracker.com/id/1038582

Scores

CVSS v3 6.4
EPSS 0.1992
EPSS Percentile 95.5%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2023-08-17
CWE
CWE-362
Status published
Products (1)
sudo_project/sudo < 1.8.20
Published Jun 05, 2017
Tracked Since Feb 18, 2026