Home page logo

bugtraq logo Bugtraq mailing list archives

Re: [security () suse de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3
From: Justin <justinvinn () gmail com>
Date: Tue, 31 May 2005 15:44:45 -0400

I checked this on my RedHat Linux 9 box running sudo v 1.6.6. It
didn't effect it any...

On 5/31/05, Marcus Meissner <meissner () suse de> wrote:
On Tue, May 31, 2005 at 01:02:22PM +0700, Xnuxer Security wrote:
Today, 31 May 2005, I found error with root privilige escalation in
Sudo version 1.6.8p7 that package installed with SuSE 9.3. Testing in
my machine, sudo appear not check is true when I press CTRL + C with
blank password and giving status SID as root privilige to SID user. I
got successful as root without need a password but only use blank
password and press CTRL + C. Please check my testing below in my SuSE
9.3 box:

client () mysuse:~> cat /etc/issue

Welcome to SuSE Linux 9.3 (i586) - Kernel \r (\l).

client () mysuse:~> id
uid=1000(client) gid=100(users) groups=16(dialout),33(video),100(users)
client () mysuse:~> uname -a
Linux mysuse #1 Wed Mar 23 21:52:37 UTC 2005 i686
i686 i386 GNU/Linux
client () mysuse:~> sudo -V
Sudo version 1.6.8p7
client () mysuse:~> sudo su
Password:                         <---- fake password and press ENTER
Sorry, try again.
Password:                          <---- blank password and press CTRL + C
mysuse:/home/client #
mysuse:/home/client # uname -a; id; uptime
Linux mysuse #1 Wed Mar 23 21:52:37 UTC 2005 i686
i686 i386 GNU/Linux
uid=0(root) gid=0(root) groups=0(root)
 12:29pm  up   2:45,  3 users,  load average: 0.14, 0.29, 0.45
mysuse:/home/client #

Other sudo version is not check yet, about affect in other distro of
linux not check too but possible vulnerable, please check it. SuSE
Security still contacted by me.

I cannot reproduce this in the default installation of sudo in SUSE Linux

Did you adapt the sudo config file in some way?

What exactly do you mean with "blank password" ? Empty? Or a number
of spaces?

Ciao, Marcus

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]