Red Hat, Debian and several other Linux distributions have released patches for a vulnerability in the Sudo command. The high-severity vulnerability could let a local attacker gain root privileges.
The issue, tracked as CVE-2017-1000367, was reported by security researchers from Qualys a few days ago. The vulnerability let attackers run bash commands to overwrite any file stored on the system. Furthermore, an attacker could gain root-level privileges and overwrite root-owned content.
“We discovered a vulnerability in Sudo’s get_process_ttyname() for Linux: this function opens “/proc/[pid]/stat” (man proc) and reads the device number of the tty from field 7 (tty_nr),” Qualys said in its technical description of the issue.
Notably, the issue affects only those distros where SELinux is enabled and Sudo was built with SELinux support.
The creator of Sudo, Todd C. Miller, promptly released a patch fixing the vulnerability. All Sudo versions between 1.8.6p7 and 1.8.20 are affected. Many popular Linux distros also ship Sudo as a bundled default app.
“Sudo 1.8.6p7 through 1.8.20p1 inclusive. The fix present in Sudo 1.8.20p1 was incomplete as it did not address the problem of a command with a newline in the name,” said Miller, explaining the reach of the vulnerability.
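The parsing hazard behind both quotes, shown as an added example (this is not Sudo's or Qualys' code): per proc(5), field 2 of `/proc/[pid]/stat` is the command name in parentheses, so whitespace or a newline inside it shifts a naive field count. The function names and both sample records are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample records (not captured from a real system).
 * 34816 = major 136, minor 0, i.e. /dev/pts/0. */
static const char STAT_PLAIN[] =
    "4242 (bash) S 4200 4242 4242 34816 4242 4194304\n";
static const char STAT_NEWLINE[] =   /* comm contains a newline */
    "4242 (my\nprog) S 4200 4242 4242 34816 4242 4194304\n";

/* Naive: treat the record as whitespace-separated and take token 7.
 * Whitespace inside comm (field 2) shifts every later field. */
long tty_nr_naive(const char *stat)
{
    const char *p = stat;
    for (int field = 1; field < 7; field++) {
        p += strspn(p, " \n");   /* skip separators */
        p += strcspn(p, " \n");  /* skip one token */
    }
    p += strspn(p, " \n");
    return *p ? strtol(p, NULL, 10) : -1;
}

/* Robust: comm is wrapped in parentheses and may itself contain ')',
 * so anchor on the LAST ')' and count the fields that follow it:
 * state(3) ppid(4) pgrp(5) session(6) tty_nr(7). */
long tty_nr_robust(const char *stat)
{
    const char *p = strrchr(stat, ')');
    char state;
    long ppid, pgrp, session, tty_nr;

    if (p == NULL)
        return -1;
    if (sscanf(p + 1, " %c %ld %ld %ld %ld",
               &state, &ppid, &pgrp, &session, &tty_nr) != 5)
        return -1;
    return tty_nr;
}

int main(void)
{
    printf("plain:   naive=%ld robust=%ld\n",
           tty_nr_naive(STAT_PLAIN), tty_nr_robust(STAT_PLAIN));
    printf("newline: naive=%ld robust=%ld\n",
           tty_nr_naive(STAT_NEWLINE), tty_nr_robust(STAT_NEWLINE));
    return 0;
}
```

On the second record the naive count returns the session ID (4242) where the tty device number (34816) was expected, which is why any tool that reads this file should anchor on the closing parenthesis.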
Red Hat, SUSE, Ubuntu and Debian have released urgent security updates to address the vulnerability.
Red Hat has released fixes for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux Server. Debian, for its part, has published fixes for Wheezy, Jessie and Sid, while SUSE has published an update for all its releases.