Bugtraq mailing list archives
Re: Sudo: local root compromise with krb5 enabled
From: "Todd C. Miller" <Todd.Miller () courtesan com>
Date: Thu, 07 Jun 2007 16:05:42 -0400
In message <70f230c70706071255k7338dc5bn85bb1ac5fe6c2fc7 () mail gmail com> so spake "Mark Senior" (senatorfrog):
In other words, in the SuSE default config, sudo is just an overcomplicated su - to sudo something as root, you need not your own password, but root's - except you don't have to be in wheel to use it. If sudo is configured as above, and uses kerberos, then all users might be able to exploit this.
This bug does not affect builds of sudo that use PAM or BSD authentication for password verification so there is really no impact on SuSE. - todd
Current thread:
- Sudo: local root compromise with krb5 enabled Thor Lancelot Simon (Jun 07)
- Re: Sudo: local root compromise with krb5 enabled Thor Lancelot Simon (Jun 07)
- MIT krb5: makes sudo authentication issue MUCH worse. Thor Lancelot Simon (Jun 07)
- Re: Sudo: local root compromise with krb5 enabled James Downs (Jun 07)
- Re: Sudo: local root compromise with krb5 enabled Mark Senior (Jun 07)
- Re: Sudo: local root compromise with krb5 enabled Todd C. Miller (Jun 07)
- Re: Sudo: local root compromise with krb5 enabled Mark Senior (Jun 07)
- <Possible follow-ups>
- Re: Sudo: local root compromise with krb5 enabled Ken Raeburn (Jun 12)
- Re: Sudo: local root compromise with krb5 enabled Kyle Wheeler (Jun 14)
- Re: Sudo: local root compromise with krb5 enabled Ken Raeburn (Jun 15)
- Re: Sudo: local root compromise with krb5 enabled Kyle Wheeler (Jun 14)
- Re: Sudo: local root compromise with krb5 enabled Thor Lancelot Simon (Jun 07)