Linux Vuln - Make sure to patch, boys

cyberciti.biz/security/linux-security-alert-bug-in-sudos-get_process_ttyname-cve-2017-1000367/

Make sure to apt update && apt upgrade (or pacman -Syu or whatever other shitty package manager you have) and do a full reboot ASAP. This is an important bugfix.

>he has sudo installed
lol

>using sudo instead of su

haha funny and creative and original

>For example, if we execute Sudo through the symlink “./ 1 ”, get_process_ttyname() calls sudo_ttyname_dev() to search for the non-existent tty device number “1” in the built-in search_devs[].

What? A symlink can give me root privilege?

I've never used sudo, I just `su -`.

k

I use sudo only once in any Linux desktop installation

sudo passwd

After that, su -

another day, another massive linux vuln being exploited in the wild along with the other hundreds of unreported ones...

This shit posting doesn't get you any kind of Sup Forums credit or rep. Just fuck off, dude.

LMAO! Freetard upset that his open sores software isn't as secure as he thought? Pathetic!

Just consider the fact that you're taking the time and energy to type these things out. :(

>This is an important bugfix.
Only for multi user setups.
Has no impact on your single user desktop/laptop.

I'm taking a shit at work right now, getting paid to browse the internet
What's your excuse

I made a friendly thread informing people of a bug fix.

No, applications have their own users, such as nginx. This will allow anyone that exploits these programs to get full root access.

Wait so like
You're telling me someone with sudo permissions can run commands as root?
Fuck dude

hey remember wannacry

>It was discovered that Sudo did not properly parse the contents of /proc/[pid]/stat when attempting to determine its controlling tty.
>let's make a really important interface between user space and kernel space text-based so every program has to parse it

No one makes those users sudoers.

Hey remember dirtycow?

>Linux, a piecemeal system assembled by hobbyists, needs a vulnerability patched for the 20th time in the past month
Wake me up when there's some actual news

Aniki is sleeping, don't wake him up

WAKE UP

...

Already received the update some days ago but thanks op.

sudo (1.8.20p1-1) unstable; urgency=high

* New upstream version with fix for CVE-2017-1000367, closes: #863731

-- Bdale Garbee Tue, 30 May 2017 14:41:58 -0600

sudo (1.8.20-1) unstable; urgency=medium

* New upstream version

-- Bdale Garbee Wed, 10 May 2017 10:25:46 -0600

>using spanish as system language
fucking disgusting dude. At least change it before uploading it :v

for this exploit to work the attacker has to be a sudoer first
fucking plebs

doas masterrace.

>sudo -i
>enter password
>#

ZOMG PWND!

Meanwhile...

theregister.co.uk/2017/05/29/microsoft_out_of_band_patches/
theregister.co.uk/2017/05/29/microsoft_master_file_table_bug_exploited_to_bsod_windows_7_81/

~$ sudo
-bash: sudo: command not found
I'm safe.

>comparing a local privilege escalation exploit to a remote code execution one
Confirmed for braindead.

>not running root all the time so you can fuck up and delete everything

rm -rf /

>do a full reboot
why?

Because I want to ruin your fucking uptime.

I think I'm doing it wrong

BTFO and rekt