https://www.cyberciti.biz/security/linux-security-alert-bug-in-sudos-get_process_ttyname-cve-2017-1000367/
Make sure to apt update && apt upgrade (or pacman -Syu or whatever other shitty package manager you have) and do a full reboot ASAP. This is an important bugfix.
>he has sudo installed
lol
>using sudo instead of su
>>60713463
>>60713491
haha funny and creative and original
>>60713392
>For example, if we execute Sudo through the symlink “./ 1 “, get_process_ttyname() calls sudo_ttyname_dev() to search for the non-existent tty device number “1” in the built-in search_devs[].
What? A symlink can give me root privilege?
I've never used sudo, I just `su -'.
I use sudo only once in any Linux desktop installation
sudo passwd
After that, su -
>>60713392
another day, another massive linux vuln being exploited in the wild along with the other hundreds of unreported ones...
>>60714569
This shit posting doesn't get you any kind of 4chan credit or rep. Just fuck off, dude.
>>60714624
LMAO! Freetard upset that his open sores software isn't as secure as he thought? Pathetic!
>>60714781
Just consider the fact that you're taking the time and energy to type these things out. :(
>>60713392
>This is an important bugfix.
Only for multi user setups.
Has no impact on your single user desktop/laptop.
>>60714828
I'm taking a shit at work right now, getting paid to browse the internet
What's your excuse
>>60714858
I made a friendly thread informing people of a bug fix.
>>60714836
No, applications have their own users, such as nginx. This will allow anyone that exploits these programs to get full root access.
Wait so like
You're telling me someone with sudo permissions can run commands as root?
Fuck dude
>>60714781
hey remember wannacry
>It was discovered that Sudo did not properly parse the contents of /proc/[pid]/stat when attempting to determine its controlling tty.
>let's make a really important interface between user space and kernel space text-based so every program has to parse it
>>60714889
No one makes those users sudoers.
>>60714929
Hey remember dirtycow?
>Linux, a piecemeal system assembled by hobbyists, needs a vulnerability patched for the 20th time in the past month
Wake me up when there's some actual news
>>60715053
Aniki is sleeping, don't wake him up
>>60715187
WAKE UP
>>60715208
>>60713392
Already received the update some days ago but thanks op.
sudo (1.8.20p1-1) unstable; urgency=high
* New upstream version with fix for CVE-2017-1000367, closes: #863731
-- Bdale Garbee <[email protected]> Tue, 30 May 2017 14:41:58 -0600
sudo (1.8.20-1) unstable; urgency=medium
* New upstream version
-- Bdale Garbee <[email protected]> Wed, 10 May 2017 10:25:46 -0600
>>60715240
>using spanish as system language
fucking disgusting dude. Por lo menos cambialo antes de subirlo :v
>>60713392
for this exploit to work the attacker has to be a sudoer first
fucking plebs
doas masterrace.
>>60716359
>sudo -i
>enter password
>#
ZOMG PWND!
Meanwhile...
https://www.theregister.co.uk/2017/05/29/microsoft_out_of_band_patches/
https://www.theregister.co.uk/2017/05/29/microsoft_master_file_table_bug_exploited_to_bsod_windows_7_81/
>>60713392~$ sudo
-bash: sudo: command not found
I'm safe.
>>60715000
>comparing a local privilege escalation exploit to a remote code execution one
Confirmed for braindead.
>>60713491
>not running root all the time so you can fuck up and delete everything
rm -rf /
>>60713392
>do a full reboot
why?
>>60717314
Because I want to ruin your fucking uptime.
>>60713392
I think I'm doing it wrong
>>60714979
BTFO and rekt