CVE-2017-1000368

8.2 HIGH

Published: June 05, 2017 Modified: May 13, 2026

Description

Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://www.securityfocus.com/bid/98838

Source: cve@mitre.org

Third Party Advisory VDB Entry

https://access.redhat.com/errata/RHSA-2017:1574

Source: cve@mitre.org

Third Party Advisory

https://kc.mcafee.com/corporate/index?page=content&id=SB10205

Source: cve@mitre.org

Third Party Advisory

https://security.gentoo.org/glsa/201710-04

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/3968-1/

Source: cve@mitre.org

https://usn.ubuntu.com/3968-2/

Source: cve@mitre.org

https://www.sudo.ws/alerts/linux_tty.html

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/98838