edit-icon download-icon

[Vulnerability notice] CVE-2017-1000367: Sudo local elevation of privilege vulnerability

Last Updated: Mar 19, 2018

On May 30, 2017, security researchers outside China discovered the vulnerability of local elevation of privilege by means of sudo in Linux. The vulnerability is CVE-2017-1000367. It affects almost all Linux operating systems.

Alibaba Cloud Security reminds you to follow up this vulnerability and install patches in a timely manner to prevent any attacker from exploiting it to initiate an elevation of privilege attack.

See the following for more information about the vulnerability.


CVE identifier

CVE-2017-1000367

Vulnerability name

Sudo local elevation of privilege vulnerability

Vulnerability rating

High

Vulnerability description

When determining tty data, sodu fails to parse / proc / [pid] / stat correctly. A local attacker can exploit this issue to overwrite any files in the file system and escalate from common account to root privileges by means of policy bypass.

Condition and method of exploitation

This vulnerability can be exploited locally.

Affected scope

Sudo 1.8.6p7 to 1.8.20. Because the affected versions vary depending on different vendors, see the information announced by the specific vendor.

  • Red Hat Enterprise Linux 6 (sudo)
  • Red Hat Enterprise Linux 7 (sudo)
  • Red Hat Enterprise Linux Server (v. 5 ELS) (sudo)
  • Debian wheezy
  • Debian jessie
  • Debian stretch
  • Debian sid
  • Ubuntu 17.04
  • Ubuntu 16.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • SUSE Linux Enterprise Software Development Kit 12-SP2
  • SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
  • SUSE Linux Enterprise Server 12-SP2
  • SUSE Linux Enterprise Desktop 12-SP2
  • OpenSuse

Unaffected versions:

  • CentOS and Red Hat security versions:

    • Centos /RHEL 7: 1.8.6p7-22.el7_3
    • Centos /RHEL 6: 1.8.6p3-28.el6_9
    • Centos /RHEL 5: 1.7.2p1-30.el5_11
  • Ubuntu security versions:

    • Ubuntu 14.04 LTS: 1.8.9p5-1ubuntu1.4
    • Ubuntu 16.04 LTS: 1.8.16-0ubuntu1.4
    • Ubuntu 16.10 LTS: 1.8.16-0ubuntu3.2
  • Debian security versions:

    • Debian 7(wheezy): 1.8.5p2-1+nmu3+deb7u3
    • Debian 8(jessie): 1.8.10p3-1+deb8u4
  • SUSE /OpenSuse security versions:

    • 1.8.10p3-2.11.1
    • 1.8.10p3-10.5.1

Vulnerability detection

  • Run the following command to check the sudo version:

    1. sudo -V
  • Use the provided package manager to check the sudo version:

    • For CentOS and Red Hat, run the rpm -qa|grep sudo command to check the sudo version.

    • For Ubuntu and Debian, run the bash dpkg -l sudo command to check the sudo version.

How to fix or mitigate

Currently, the updates have been synchronized to Alibaba Cloud software sources. For more information, see the vendor announcements in Intelligence source. You can run the following command to install the patches:

  • Ubuntu

    For Ubuntu, you can upgrade to the following version:

    • Ubuntu 17.04

      1. sudo-ldap 1.8.19p1-1ubuntu1.1
      2. sudo 1.8.19p1-1ubuntu1.1
    • Ubuntu 16.10

      1. sudo-ldap 1.8.16-0ubuntu3.2
      2. sudo 1.8.16-0ubuntu3.2
    • Ubuntu 16.04 LTS

      1. sudo-ldap 1.8.16-0ubuntu1.4
      2. sudo 1.8.16-0ubuntu1.4
    • Ubuntu 14.04 LTS

      1. sudo-ldap 1.8.9p5-1ubuntu1.4
      2. sudo 1.8.9p5-1ubuntu1.4

    Run the following command to perform upgrade:

    1. sudo apt-get update & sudo apt-get upgrade
  • CentOS/RHEL

    CentOS and Red Hat Enterprise Linux updates download URL: https://rhn.redhat.com/errata/RHSA-2017-1382.html

    Run the following command to perform upgrade:

    1. yum makecache --Update source
    2. yum update sudo --Installs updates for sudo.

    Note: Upgrading the kernel may result in failed server startup. We recommend that you exclude kernel upgrade when installing the patches. The procedure is as follows:

    1. Open /etc/yum.conf, and enter # vi /etc/yum.conf.

    2. Add exclude= kernel* //Excludes kernel upgrade in the last line of [main].

    Alternatively, you can run the yum update --exclude kernel* command directly.

  • Debain

    Debian updates download URL: https://security-tracker.debian.org/tracker/CVE-2017-1000367?spm=5176.7754251.2.4.IkEbNs

    Run the following command to perform upgrade:

    1. sudo apt-get update & sudo apt-get upgrade
  • SUSE/openSUSE:

    SUSE and openSUSE updates download URL: https://www.suse.com/security/cve/CVE-2017-1000367/?spm=5176.7754251.2.5.P3hP8S

    Run the following command to perform upgrade:

    1. zypper refresh &zypper update

Reference

[1]. http://www.openwall.com/lists/oss-security/2017/05/30/16
[2]. Ubuntu: https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000367.html
[3]. Redhat: https://access.redhat.com/security/cve/cve-2017-1000367
[4]. Debain: https://security-tracker.debian.org/tracker/CVE-2017-1000367
[5]. SUSE/openSUSE: https://www.suse.com/security/cve/CVE-2017-1000367.html

Thank you! We've received your feedback.