{"id":70613,"date":"2024-01-01T18:28:28","date_gmt":"2024-01-01T10:28:28","guid":{"rendered":"http:\/\/lrxjmw.cn\/?p=70613"},"modified":"2024-01-01T18:28:28","modified_gmt":"2024-01-01T10:28:28","slug":"sudo-rights-loopholes","status":"publish","type":"post","link":"https:\/\/lrxjmw.cn\/sudo-rights-loopholes.html","title":{"rendered":"\u7d27\u6025\u516c\u544a\uff0cSudo\u672c\u5730\u63d0\u6743\u6f0f\u6d1e"},"content":{"rendered":"

\u56fd\u5916\u5b89\u5168\u7814\u7a76\u4eba\u5458\u53d1\u73b0Linux\u73af\u5883\u4e0b\uff0c\u53ef\u4ee5\u901a\u8fc7sudo\u5b9e\u73b0\u672c\u5730\u63d0\u6743\u7684\u6f0f\u6d1e\uff0c\u6f0f\u6d1e\u7f16\u53f7\u4e3aCVE-2017-1000367\uff0c\u8be5\u6f0f\u6d1e\u51e0\u4e4e\u5f71\u54cd\u4e86\u6240\u6709Linux\u7cfb\u7edf\u3002\u5177\u4f53\u8be6\u60c5\u5982\u4e0b:<\/p>\n

\u6f0f\u6d1e\u7f16\u53f7:<\/strong><\/p>\n

CVE-2017-1000367<\/p>\n

\u6f0f\u6d1e\u540d\u79f0:<\/strong><\/p>\n

Sudo\u672c\u5730\u63d0\u6743\u6f0f\u6d1e<\/p>\n

\u5b98\u65b9\u8bc4\u7ea7:<\/strong><\/p>\n

\u9ad8\u5371<\/p>\n

\u6f0f\u6d1e\u63cf\u8ff0:<\/strong><\/p>\n

\u5f53\u786e\u5b9atty\u65f6\uff0cSudo\u6ca1\u6709\u6b63\u786e\u89e3\u6790\/proc\/[pid]\/stat\u7684\u5185\u5bb9\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u80fd\u4f1a\u4f7f\u7528\u6b64\u65b9\u6cd5\u6765\u8986\u76d6\u6587\u4ef6\u7cfb\u7edf\u4e0a\u7684\u4efb\u4f55\u6587\u4ef6\uff0c\u4ece\u800c\u7ed5\u8fc7\u9884\u671f\u6743\u9650\u6216\u83b7\u53d6root shell\u3002<\/p>\n

\u6f0f\u6d1e\u5229\u7528\u6761\u4ef6\u548c\u65b9\u5f0f:<\/strong><\/p>\n

\u672c\u5730\u5229\u7528<\/p>\n

\u6f0f\u6d1e\u5f71\u54cd\u8303\u56f4:<\/strong><\/p>\n

Sudo 1.8.6p7 \u5230 1.8.20<\/p>\n

Red Hat Enterprise Linux 6 (sudo)<\/p>\n

Red Hat Enterprise Linux 7 (sudo)<\/p>\n

Red Hat Enterprise Linux Server (v. 5 ELS) (sudo)<\/p>\n

Debian wheezy<\/p>\n

Debian jessie<\/p>\n

Debian stretch<\/p>\n

Debian sid<\/p>\n

Ubuntu 17.04<\/p>\n

Ubuntu 16.10<\/p>\n

Ubuntu 16.04 LTS<\/p>\n

Ubuntu 14.04 LTS<\/p>\n

SUSE Linux Enterprise Software Development Kit 12-SP2<\/p>\n

SUSE Linux Enterprise Server for Raspberry Pi 12-SP2<\/p>\n

SUSE Linux Enterprise Server 12-SP2<\/p>\n

SUSE Linux Enterprise Desktop 12-SP2<\/p>\n

OpenSuse<\/p>\n

\u6f0f\u6d1e\u68c0\u6d4b:<\/strong><\/p>\n

\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u67e5\u770bsudo\u7248\u672c:<\/p>\n

sudo -V<\/p>\n

\u6f0f\u6d1e\u4fee\u590d\u5efa\u8bae(\u6216\u7f13\u89e3\u63aa\u65bd):<\/strong><\/p>\n

\u76ee\u524d\u963f\u91cc\u4e91\u5b98\u65b9\u8f6f\u4ef6\u6e90\u5df2\u7ecf\u540c\u6b65\u66f4\u65b0\uff0c\u53ef\u4ee5\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u66f4\u65b0\u8865\u4e01:<\/p>\n

Ubuntu\/Debian:<\/p>\n

sudo apt-get update && sudo apt-get upgrade<\/p>\n

CentOS\/RHEL:<\/p>\n

yum update<\/p>\n

yum update sudo<\/p>\n

\u6ce8\uff1a\u5347\u7ea7kernel\u53ef\u80fd\u4f1a\u5bfc\u81f4\u670d\u52a1\u5668\u65e0\u6cd5\u542f\u52a8\uff0c\u5efa\u8bae\u60a8\u5728\u5347\u7ea7\u8865\u4e01\u65f6\u6392\u9664\u5185\u6838\u5347\u7ea7<\/p>\n

\u6253\u5f00\/etc\/yum.conf\uff0c\u8f93\u5165\uff1a<\/p>\n

# vi \/etc\/yum.conf<\/p>\n

\u5728[main]\u6bb5\u4e0b\u6dfb\u52a0\u4e00\u884c\uff0c\u5982\u4e0b\uff1a<\/p>\n

exclude=kernel* \/\/\u8fd9\u91cc\u8868\u793a\u6392\u9664\u5185\u6838\u5347\u7ea7<\/p>\n

\n

\u539f\u6587\u6765\u81ea\uff1ahttps:\/\/www.oschina.net\/news\/85384\/qualys-security-advisory-cve-2017-1000367-in-sudo<\/a><\/p>\n

\u672c\u6587\u5730\u5740\uff1ahttp:\/\/lrxjmw.cn\/sudo-rights-loopholes.html<\/a>\u7f16\u8f91\u5458\uff1a\u90ed\u5efa\u9e4f\uff0c\u5ba1\u6838\u5458\uff1a\u9004\u589e\u5b9d<\/span><\/p>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"

\u3010\u4e0a\u4e91\u72c2\u6b22\u8282\u30116\u5143\u865a\u673a+9\u5143\u5efa\u7ad9+\u514d\u8d39\u5957\u9910\uff0c\u5c06\u666e\u60e0\u8fdb\u884c\u5230\u5e95\uff01>>>  <\/p>\n","protected":false},"author":323,"featured_media":86142,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[21],"tags":[],"class_list":["post-70613","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"acf":[],"_links":{"self":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts\/70613","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/users\/323"}],"replies":[{"embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/comments?post=70613"}],"version-history":[{"count":3,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts\/70613\/revisions"}],"predecessor-version":[{"id":86146,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts\/70613\/revisions\/86146"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/media\/86142"}],"wp:attachment":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/media?parent=70613"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/categories?post=70613"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/tags?post=70613"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}