Exploit for #VU6846 Command injection in Sudo

Cybersecurity Help s.r.o.

Published: 2020-03-18 | Updated: 2020-04-07

Vulnerability identifier: #VU6846

Vulnerability risk: Low

CVSSv4.0: 2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2017-1000367

CWE-ID: CWE-77

Exploitation vector: Local

Exploits in database: 3

April 7, 2020
- CVE-Exploit-Script () [Github]
March 18, 2020
- sudo_exploit (own implementation of the CVE-2017-1000367 sudo privilege escalation vulnerability in python) [Github]
- Sudo - 'get_process_ttyname()' Privilege Escalation [Exploit-DB]

Vulnerable software:
Sudo
Client/Desktop applications / Software for system administration

Vendor: Sudo