RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
CVE-2017-1000367 sudo: Privilege escalation via improper get_process_ttyname() parsing
A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root.
CVSS3 Base Score: 7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) - Red Hat score
Response: The flaw does not exist
The sudo implementation used on SLES11.4 is not vulnerable.
From SUSE: https://www.suse.com/security/cve/CVE-2017-1000367/
Note from the SUSE Security Team
This security issue only affects sudo 1.8.5 or later. The sudo versions on SUSE Linux Enterprise 11 and older products are not affected. This issue is also only a problem if the system operates in SELinux mode.
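The two conditions in the SUSE note (sudo 1.8.5 or later, and SELinux mode) can be checked on a host with the script below. It is an added example, not part of the original article or of RSA or SUSE tooling. The function names and sample version strings are constructed for illustration, and treating any getenforce result other than "Disabled" as SELinux mode is an assumption.

```shell
#!/bin/sh
# Added example: check the two conditions from the SUSE note for CVE-2017-1000367.
# Function names are hypothetical; sample inputs below are constructed.

# Pull the numeric x.y.z part from the first line of `sudo -V` output.
sudo_version() {
    printf '%s\n' "$1" | sed -n '1s/^Sudo version \([0-9][0-9.]*\).*/\1/p'
}

# Succeed when dotted version $1 >= $2, comparing field by field as numbers
# (so 1.8.10 sorts above 1.8.5). Missing fields count as 0.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        max = (n > m) ? n : m
        for (i = 1; i <= max; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# $1 = `sudo -V` output, $2 = `getenforce` output (empty if SELinux is absent).
classify() {
    ver=$(sudo_version "$1")
    if [ -z "$ver" ]; then
        echo unknown
    elif ! version_ge "$ver" 1.8.5; then
        echo not-affected-version        # older than 1.8.5
    elif [ -z "$2" ] || [ "$2" = Disabled ]; then
        echo not-affected-selinux-off    # assumption: Disabled/absent = not SELinux mode
    else
        echo conditions-met              # both conditions hold; check vendor fix status
    fi
}

# Constructed samples
classify 'Sudo version 1.7.6p2' Enforcing
classify 'Sudo version 1.8.10p3' Disabled
classify 'Sudo version 1.8.10p3' Enforcing

# Live host, when sudo is installed
if command -v sudo >/dev/null 2>&1; then
    classify "$(sudo -V 2>/dev/null)" "$(getenforce 2>/dev/null)"
fi
```

A result of conditions-met only means both conditions from the note apply; whether the installed package already carries the fix must be confirmed against the distribution's advisory.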