Bugtraq mailing list archives
Re: Undisclosed Sudo Vulnerability ?
From: "Kurt Seifried" <bt () seifried org>
Date: Sat, 30 Jul 2005 16:35:05 -0600
Nice social engineering; this removes all files and filder in the current directory:
[test@devel ~]$ gcc -pipe -o sudoh foo.c foo.c: In function âth30_iz_own3dâ:foo.c:67: warning: pointer targets in passing argument 1 of âfillâ differ in signedness foo.c:68: warning: pointer targets in passing argument 1 of âfillâ differ in signedness
{standard input}: Assembler messages:
{standard input}:3: Warning: ignoring changed section attributes for .text
[test@devel ~]$ ls -la
total 76
drwxr-xr-x 3 test test 4096 Jul 30 16:29 .
drwxr-xr-x 5 root root 4096 Jul 30 16:26 ..
-rw-r--r-- 1 test test 24 Jul 30 16:26 .bash_logout
-rw-r--r-- 1 test test 191 Jul 30 16:26 .bash_profile
-rw-r--r-- 1 test test 124 Jul 30 16:26 .bashrc
-rw-r--r-- 1 test test 438 Jul 30 16:26 .emacs
drwxrwxr-x 3 test test 4096 Jul 30 16:26 .emacs.d
-rw-rw-r-- 1 test test 2540 Jul 30 16:26 foo.c
-rwxrwxr-x 1 test test 5817 Jul 30 16:29 sudoh
[test@devel ~]$ ./sudoh
[test@devel ~]$ ls -la
total 16
drwxr-xr-x 2 test test 4096 Jul 30 16:29 .
drwxr-xr-x 5 root root 4096 Jul 30 16:26 ..
[test@devel ~]$
-Kurt
Current thread:
- Undisclosed Sudo Vulnerability ? Esler, Joel - Contractor (Jul 30)
- Re: Undisclosed Sudo Vulnerability ? Kurt Seifried (Jul 30)
- <Possible follow-ups>
- Re: Undisclosed Sudo Vulnerability ? babarr (Jul 30)