CVE-2017-1000367 PoC — Sudo 输入验证错误漏洞

Source

https://github.com/c0d3z3r0/sudo-CVE-2017-1000367

Associated Vulnerability

Title:Sudo 输入验证错误漏洞 (CVE-2017-1000367)
Description:Sudo是软件开发者Todd C. Miller所研发的一套用于类Unix操作系统下并允许用户通过安全的方式使用特殊的权限执行命令的程序。 Sudo 1.8.20及之前的版本中的‘get_process_ttyname()’函数存在输入验证漏洞。攻击者可利用该漏洞获取信息，执行代码。

Readme

# sudo-CVE-2017-1000367

http://www.openwall.com/lists/oss-security/2017/05/30/16

- Compile: gcc -o sudopwn sudopwn.c -lutil
- Disclaimer: I had no clue what I was doing ;-)

## Requirements

- System must be selinux-enabled
- sudo needs to be built with selinux support (sudo -r)
- User needs to have sudo permissions e.g. "toor ALL=(ALL) NOPASSWD: /usr/bin/sum"


![](Screenshot_2017-06-05_21-40-38.png)

File Snapshot


 [4.0K]  /data/pocs/3ae1e8c8ef45a9a69a0c6b9d9e5ae4cc51e6d4b3
├── [ 407]  README.md
├── [ 75K]  Screenshot_2017-06-05_21-40-38.png
└── [2.2K]  sudopwn.c

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!