Bugtraq mailing list archives
Re: Undisclosed Sudo Vulnerability ?
From: "Kurt Seifried" <bt () seifried org>
Date: Sat, 30 Jul 2005 16:35:05 -0600
Nice social engineering; this removes all files and folders in the current directory:
[test@devel ~]$ gcc -pipe -o sudoh foo.c
foo.c: In function ‘th30_iz_own3d’:
foo.c:67: warning: pointer targets in passing argument 1 of ‘fill’ differ in signedness
foo.c:68: warning: pointer targets in passing argument 1 of ‘fill’ differ in signedness
{standard input}: Assembler messages:
{standard input}:3: Warning: ignoring changed section attributes for .text
[test@devel ~]$ ls -la
total 76
drwxr-xr-x 3 test test 4096 Jul 30 16:29 .
drwxr-xr-x 5 root root 4096 Jul 30 16:26 ..
-rw-r--r-- 1 test test 24 Jul 30 16:26 .bash_logout
-rw-r--r-- 1 test test 191 Jul 30 16:26 .bash_profile
-rw-r--r-- 1 test test 124 Jul 30 16:26 .bashrc
-rw-r--r-- 1 test test 438 Jul 30 16:26 .emacs
drwxrwxr-x 3 test test 4096 Jul 30 16:26 .emacs.d
-rw-rw-r-- 1 test test 2540 Jul 30 16:26 foo.c
-rwxrwxr-x 1 test test 5817 Jul 30 16:29 sudoh
[test@devel ~]$ ./sudoh
[test@devel ~]$ ls -la
total 16
drwxr-xr-x 2 test test 4096 Jul 30 16:29 .
drwxr-xr-x 5 root root 4096 Jul 30 16:26 ..
[test@devel ~]$

-Kurt
Current thread:
- Undisclosed Sudo Vulnerability ? Esler, Joel - Contractor (Jul 30)
- Re: Undisclosed Sudo Vulnerability ? Kurt Seifried (Jul 30)
- <Possible follow-ups>
- Re: Undisclosed Sudo Vulnerability ? babarr (Jul 30)