Does vulnerability ‘cve-2017-1000367’ affect Privilege Manager for Sudo? (4271407)

Chatee ahora con Soporte

Regresar

Comentarios enviados

¿Este artículo solucionó su problema?

Seleccionar calificación

Título

Does vulnerability ‘cve-2017-1000367’ affect Privilege Manager for Sudo?
Descripción

The following vulnerability was reported on 30 May 2017
“A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem.
A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root.”
Ref: https://access.redhat.com/security/cve/cve-2017-1000367
Resolución

Privilege Manager for Sudo (QPM4S) requires Sudo version 1.8.1 or later.
One Identity (Quest) provides sudo plugins, but not sudo itself.
However customers who use Sudo 1.8.5 through 1.8.20p1 inclusive, would be vulnerable.
The fix would be to install version 1.8.20p2 or greater
Ref: https://www.sudo.ws/alerts/linux_tty.html

Comentarios enviados

¿Este artículo solucionó su problema?

Seleccionar calificación

Contenido recomendado

Producto(s):: Safeguard Authentication Services
4.1.8, 4.1.7, 4.1.6, 4.1.5, 4.1.3, 4.1.2, 4.1.1, 4.1; Safeguard for Sudo
7.2.1, 7.2, 7.1.1, 7.1, 7.0, 6.1.1, 6.1, 2.0

Título