RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
CVE-2017-1000367 sudo: Privilege escalation in via improper get_process_ttyname() parsing
A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root.
CVSS3 Base Score: 7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) - Red Hat score
Response: The flaw does not exist
The sudo implementation used on SLES11.4 is not vulnerable.
From SUSE: https://www.suse.com/security/cve/CVE-2017-1000367/
Note from the SUSE Security Team
This security issue only affects sudo 1.8.5 or later. The sudo versions on SUSE Linux Enterprise 11 and older products are not affected. This issue is also only a problem if the system operates in SELinux mode.
Related Articles
SUDO Vulnerability - CVE-2021-3156 in RSA Authentication Manager 8.5 P2 Number of Views Downloading RSA Authentication Manager license files or RSA Software token seed records Number of Views RSA Authentication Manager Patch Updates Number of Views RSA Release Notes for RSA Authentication Manager 8.8 Number of Views RSA SecurID Web Tier is not working and has a status of "Offline" or "Offline, reinstall required" in the Authentication M… Number of Views
Trending Articles
RSA Release Notes for RSA Authentication Manager 8.8 RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA MFA Agent 2.4.3 for Microsoft Windows Group Policy Object Template Guide RSA MFA Agent 2.4 for Microsoft Windows Installation and Administration Guide Microsoft Entra ID External Authentication Methods (EAM) - RSA Ready Implementation Guide
