The following vulnerability was reported on 30 May 2017
“A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem.
A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root.”
Ref: https://access.redhat.com/security/cve/cve-2017-1000367
Privilege Manager for Sudo (QPM4S) requires Sudo version 1.8.1 or later.
One Identity (Quest) provides sudo plugins, but not sudo itself.
However customers who use Sudo 1.8.5 through 1.8.20p1 inclusive, would be vulnerable.
The fix would be to install version 1.8.20p2 or greater
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Termini di utilizzo Privacy Cookie Preference Center