oss-sec mailing list archives

Re: Arbitrary terminal access via sudo on Linux

From: "Todd C. Miller" <Todd.Miller () courtesan com>
Date: Fri, 02 Jun 2017 12:55:10 -0600

On Fri, 02 Jun 2017 12:51:55 -0600, Kurt Seifried wrote:

which says it is NOT exploitable, but you're saying that it is actually
exploitable? If confirmed yes I'll get you a new CVE for this asap. Thanks.


The file overwrite issue is not exploitable in 1.8.20p1.
However, the arbitrary tty access IS exploitable in 1.8.20p1.

 - todd

Arbitrary terminal access via sudo on Linux Todd C. Miller (Jun 02)
- Re: Arbitrary terminal access via sudo on Linux Kurt Seifried (Jun 02)
  - Re: Arbitrary terminal access via sudo on Linux Todd C. Miller (Jun 02)
    - Re: Arbitrary terminal access via sudo on Linux Qualys Security Advisory (Jun 06)