BSA-2017-349
21403
27 October 2017
23 June 2017
Closed
High
7.8
N/A
CVE-2017-1000367
Summary
Security Advisory ID : BSA-2017-349
Component : SUDO
Revision : 2.0: Interim
A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root.
Affected ProductsProduct | Current Assessment |
---|---|
Brocade SLX-OS | Impacted: Appliance fixed in 17r2.01. |
Brocade FastIron OS, Brocade NetIron OS, Brocade ServerIron ADX, Brocade Virtual ADX, Brocade Virtual Web Application Firewall, and Brocade Workflow Composer are confirmed not affected by this vulnerability.
WorkaroundThere are no workarounds that address this vulnerability.
Revision History
Version | Change | Date |
---|---|---|
1.0 | Initial Publication | June 23, 2017 |
2.0 | Updated to address ADX, vADX, & WC | October 27, 2017 |