RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
CVE-2017-1000367 sudo: Privilege escalation in via improper get_process_ttyname() parsing
A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root.
CVSS3 Base Score: 7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) - Red Hat score
Response: The flaw does not exist
The sudo implementation used on SLES11.4 is not vulnerable.
From SUSE: https://www.suse.com/security/cve/CVE-2017-1000367/
Note from the SUSE Security Team
This security issue only affects sudo 1.8.5 or later. The sudo versions on SUSE Linux Enterprise 11 and older products are not affected. This issue is also only a problem if the system operates in SELinux mode.
Related Articles
SUDO Vulnerability - CVE-2021-3156 in RSA Authentication Manager 8.5 P2 Number of Views Services will not start after changing IP address of RSA Authentication Manager 8.x from command line Number of Views RSA Authentication Manager virtual machine failed to boot server for JVM memory error Number of Views RADIUS server not found and/or RADIUS server cannot be managed after upgrade to Authentication Manager 8.6 or 8.7 Number of Views How to factory reset an RSA Authentication Manager 8.x hardware appliance without a factory reset button from the Operatio… Number of Views
Trending Articles
RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.9 Release Notes (January 2026) How to install the jTDS JDBC driver on WildFly for use with Data Collections in RSA Identity Governance & Lifecycle RSA Authentication Manager 8.8 Setup and Configuration Guide Artifacts to gather in RSA Identity Governance & Lifecycle
