Amazon Linux AMI : sudo (ALAS-2017-855)
High Nessus Plugin ID 101272
SynopsisThe remote Amazon Linux AMI host is missing a security update.
DescriptionIt was found that the original fix for CVE-2017-1000367 was incomplete. A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root. (CVE-2017-1000368)
SolutionRun 'yum update sudo' to update your system.