NewStart CGSL MAIN 4.05 : sudo Vulnerability (NS-SA-2019-0102)
High Nessus Plugin ID 127331
Synopsis
The remote machine is affected by a vulnerability.
Description
The remote NewStart CGSL host, running version MAIN 4.05, has sudo packages installed that are affected by a vulnerability:
- It was found that the original fix for CVE-2017-1000367 was incomplete. A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root. (CVE-2017-1000368)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
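
The description above turns on how tty information is read from the process status file. The following is an added example, not code from sudo, ZTE or the Nessus plugin, of a defensive way to extract the tty field from the contents of /proc/[pid]/stat; it assumes the field layout documented in proc(5), and the function name `stat_tty_nr` is hypothetical.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Extract tty_nr (field 7 of /proc/[pid]/stat, see proc(5)) from the whole
 * file contents. Field 2 (comm) is parenthesised and may itself contain
 * spaces, ')' and newlines, so fields are counted only after the LAST ')'.
 * Returns 0 on success, -1 on malformed input. */
int stat_tty_nr(const char *buf, size_t len, long *tty_nr)
{
    const char *end = buf + len, *p = NULL, *q;
    char tmp[32], *ep;
    int field = 2;                       /* the last ')' closes field 2 */

    for (q = buf; q < end; q++)
        if (*q == ')') p = q;
    if (p == NULL) return -1;
    for (p++; p < end; p = q) {
        while (p < end && *p == ' ') p++;
        for (q = p; q < end && *q != ' ' && *q != '\n'; q++) ;
        if (q == p) return -1;           /* record ended before field 7 */
        if (++field < 7) continue;
        size_t n = (size_t)(q - p);
        if (n >= sizeof(tmp)) return -1;
        memcpy(tmp, p, n);
        tmp[n] = '\0';
        errno = 0;
        long v = strtol(tmp, &ep, 10);
        if (errno || *ep != '\0' || v < INT_MIN || v > INT_MAX) return -1;
        *tty_nr = v;
        return 0;
    }
    return -1;
}

int main(void)
{
    char buf[4096];
    long tty;
    FILE *f = fopen("/proc/self/stat", "r");
    if (f == NULL) return 1;
    size_t n = fread(buf, 1, sizeof(buf), f);  /* read the whole file */
    fclose(f);
    if (stat_tty_nr(buf, n, &tty) != 0) return 1;
    printf("tty_nr=%ld\n", tty);
    return 0;
}
```

The parser fails closed: a record that is truncated, lacks the closing parenthesis, or carries a non-numeric tty field is rejected rather than guessed at.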
Solution
Upgrade the vulnerable CGSL sudo packages. Note that updated packages may not be available yet. Please contact ZTE for more information.