Scientific Linux Security Update : sudo on SL6.x, SL7.x i386/x86_64
High Nessus Plugin ID 101041
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionSecurity Fix(es) :
- It was found that the original fix for CVE-2017-1000367 was incomplete. A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root. (CVE-2017-1000368)
SolutionUpdate the affected sudo, sudo-debuginfo and / or sudo-devel packages.