Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

Does vulnerability ‘cve-2017-1000367’ affect Privilege Manager for Sudo? (4271407)

Return

Feedback Submitted

Did this article solve an issue for you?

Select Rating

Title

Does vulnerability ‘cve-2017-1000367’ affect Privilege Manager for Sudo?
Description

The following vulnerability was reported on 30 May 2017
“A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem.
A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root.”
Ref: https://access.redhat.com/security/cve/cve-2017-1000367
Resolution

Privilege Manager for Sudo (QPM4S) requires Sudo version 1.8.1 or later.
One Identity (Quest) provides sudo plugins, but not sudo itself.
However customers who use Sudo 1.8.5 through 1.8.20p1 inclusive, would be vulnerable.
The fix would be to install version 1.8.20p2 or greater
Ref: https://www.sudo.ws/alerts/linux_tty.html

Feedback Submitted

Did this article solve an issue for you?

Select Rating

Request a KB Article

Leave a Comment

Recommended Content

Product(s):: Safeguard Authentication Services
4.1.8, 4.1.7, 4.1.6, 4.1.5, 4.1.3, 4.1.2, 4.1.1, 4.1; Safeguard for Sudo
6.1.1, 6.1, 2.0

Topic(s):: Configuration

Article History:: Created on: 6/8/2017
Last Update on: 5/7/2023

Search All Articles

© 2024 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center