Re: [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3

From: Ow Mun Heng (Ow.Mun.Heng_at_wdc.com)
Date: 05/31/05

  • Next message: DarkBicho: "multiple vulnerability Calendarix Advanced"
    To: Xnuxer Security <xnusec@gmail.com>
    Date: Wed, 01 Jun 2005 00:35:12 +0800
    
    

    On Tue, 2005-05-31 at 13:02 +0700, Xnuxer Security wrote:
    > Today, 31 May 2005, I found error with root privilige escalation in
    > Sudo version 1.6.8p7 that package installed with SuSE 9.3. Testing in
    > my machine, sudo appear not check is true when I press CTRL + C with
    > blank password and giving status SID as root privilige to SID user. I
    > got successful as root without need a password but only use blank
    > password and press CTRL + C. Please check my testing below in my SuSE
    > 9.3 box:

    > Other sudo version is not check yet, about affect in other distro of
    > linux not check too but possible vulnerable, please check it. SuSE
    > Security still contacted by me.

    Gentoo. version of sudo is 1.6.7p5.
    Not affected

    -- 
    Ow Mun Heng
    Gentoo/Linux on DELL D600 1.4Ghz 1.5GB RAM
    98% Microsoft(tm) Free!! 
    Neuromancer 00:35:11 up 1 day, 2:36, 6 users, load average: 0.29, 0.68,
    0.66 
    

  • Next message: DarkBicho: "multiple vulnerability Calendarix Advanced"

    Relevant Pages