Bugtraq mailing list archives
Re: [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3
From: Ow Mun Heng <Ow.Mun.Heng () wdc com>
Date: Wed, 01 Jun 2005 00:35:12 +0800
On Tue, 2005-05-31 at 13:02 +0700, Xnuxer Security wrote:
Today, 31 May 2005, I found an error with root privilege escalation in Sudo version 1.6.8p7, the package installed with SuSE 9.3. Testing on my machine, sudo appears not check is true when I press CTRL + C with blank password and giving status SID as root privilege to SID user. I got successful as root without need of a password but only use blank password and press CTRL + C. Please check my testing below in my SuSE 9.3 box:
Other sudo versions are not checked yet; the effect on other Linux distros is not checked either but they are possibly vulnerable, please check it. SuSE Security still contacted by me.
Gentoo. version of sudo is 1.6.7p5. Not affected

--
Ow Mun Heng
Gentoo/Linux on DELL D600 1.4Ghz 1.5GB RAM
98% Microsoft(tm) Free!!
Neuromancer 00:35:11 up 1 day, 2:36, 6 users, load average: 0.29, 0.68, 0.66
Current thread:
- [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3 Xnuxer Security (May 31)
- Re: [security () suse de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3 Marcus Meissner (May 31)
- Re: [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3 Ow Mun Heng (May 31)