vulnerability
Ubuntu: (Multiple Advisories) (CVE-2017-1000368): Sudo vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:N/C:C/I:C/A:C) | Jun 5, 2017 | May 7, 2019 | Apr 25, 2025 |
Severity
7
CVSS
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published
Jun 5, 2017
Added
May 7, 2019
Modified
Apr 25, 2025
Description
Florian Weimer discovered that Sudo incorrectly handled the noexec
restriction when used with certain applications. A local attacker could
possibly use this issue to bypass configured restrictions and execute
arbitrary commands. (CVE-2016-7076)
It was discovered that Sudo did not properly parse the contents of
/proc/[pid]/stat when attempting to determine its controlling tty. A local
attacker in some configurations could possibly use this to overwrite any
file on the filesystem, bypassing intended permissions. (CVE-2017-1000368)
Solution(s)
ubuntu-pro-upgrade-sudoubuntu-pro-upgrade-sudo-ldap
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.