RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
CVE-2017-1000367 sudo: Privilege escalation in via improper get_process_ttyname() parsing
A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root.
CVSS3 Base Score: 7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) - Red Hat score
Response: The flaw does not exist
The sudo implementation used on SLES11.4 is not vulnerable.
From SUSE: https://www.suse.com/security/cve/CVE-2017-1000367/
Note from the SUSE Security Team
This security issue only affects sudo 1.8.5 or later. The sudo versions on SUSE Linux Enterprise 11 and older products are not affected. This issue is also only a problem if the system operates in SELinux mode.
Related Articles
SUDO Vulnerability - CVE-2021-3156 in RSA Authentication Manager 8.5 P2 Number of Views Enable Linux password authentication along with RSA Authentication Agent for PAM Number of Views SecurID Announces SecurID Authentication Manager 8.6 Patch 1 and Updated Web-Tier Server Number of Views RSA Announces RSA Authentication Manager 8.7 SP2 Patch 1 and Updated Web-Tier Server Number of Views Software update using RSA Authentication Manager 8.4 patch 2 fails on an Authentication Manager instance. Number of Views
Trending Articles
Downloading RSA Authentication Manager license files or RSA Software token seed records RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory Mandatory Certificate Upgrade Required by 6th October 2025 for RSA MFA Agent for PAM, RSA MFA Agent for Apache, and Third … RSA Authentication Manager 8.9 Release Notes (January 2026)
