BSA-2017-349

Brocade Fabric OS

21403

27 October 2017

23 June 2017

Closed

High

7.8

N/A

CVE-2017-1000367

Summary

Security Advisory ID : BSA-2017-349

Component : SUDO

Revision : 2.0: Interim

A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root.
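The parsing pitfall behind this class of flaw, as an added example (not code from sudo or from Brocade): in `/proc/[pid]/stat` the command name (field 2) is wrapped in parentheses and may contain spaces, so counting space-separated fields can return the wrong value for tty_nr (field 7). The function names and sample lines are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Naive: split on spaces and read the 7th token as tty_nr.
 * Returns tty_nr, or -1 on parse failure. */
int tty_nr_naive(const char *line)
{
    int field, tty;
    const char *p = line;

    for (field = 1; field < 7; field++) {
        p = strchr(p, ' ');
        if (p == NULL)
            return -1;
        p++;
    }
    return sscanf(p, "%d", &tty) == 1 ? tty : -1;
}

/* Hardened: comm (field 2) is wrapped in parentheses and may itself
 * contain spaces or ')', so anchor on the LAST ')' and count from there:
 * state ppid pgrp session tty_nr. */
int tty_nr_robust(const char *line)
{
    const char *p = strrchr(line, ')');
    char state;
    int ppid, pgrp, session, tty;

    if (p == NULL)
        return -1;
    if (sscanf(p + 1, " %c %d %d %d %d", &state, &ppid, &pgrp, &session, &tty) != 5)
        return -1;
    return tty;
}

int main(void)
{
    /* Constructed sample lines, cut off after the first eight fields. */
    const char *plain  = "1234 (bash) S 1 1234 1234 34816 -1";
    const char *spaced = "1234 (my prog) S 1 1234 1234 34816 -1";

    printf("plain : naive=%d robust=%d\n", tty_nr_naive(plain), tty_nr_robust(plain));
    printf("spaced: naive=%d robust=%d\n", tty_nr_naive(spaced), tty_nr_robust(spaced));
    return 0;
}
```

On the second sample the naive parser reports the session ID instead of the terminal device number, while the parser anchored on the last `)` returns the same value for both lines.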

Affected Products

Product | Current Assessment
Brocade SLX-OS | Impacted: Appliance fixed in 17r2.01.

Products Confirmed Not Vulnerable

Brocade FastIron OS, Brocade NetIron OS, Brocade ServerIron ADX, Brocade Virtual ADX, Brocade Virtual Web Application Firewall, and Brocade Workflow Composer are confirmed not affected by this vulnerability.

Workaround

There are no workarounds that address this vulnerability.


Revision History

Version | Change | Date
1.0 | Initial Publication | June 23, 2017
2.0 | Updated to address ADX, vADX, & WC | October 27, 2017