Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: I find a bug
From: Emanuel dos Reis Rodrigues <emanueldosreis () gmail com>
Date: Tue, 18 Jan 2011 14:41:59 -0400

Look, this happen only in machines that have your sudo configuration
with no password.


Emanuel dos Reis Rodrigues
Senior Level Linux Professional (LPIC-3) 
LPI 302 (Mixed Environment) Specialty
LPI 304 (Virtualization and High Availability) Specialty
C|EH Certified Ethical Hacker
CompTIA Security+ Certified
http://br.linkedin.com/in/emanuelreis
t:@emanueldosreis
emanueldosreis(No*SpAm)gmail.com
Mobile: +55 95 8112-9628








Laurelai Storm wrote:
I have fedora 14, several centOS 5.5 machines and a vanilla ubuntu
9.10 vm, all ask for the password


2011/1/18 Christian Sciberras <uuf6429 () gmail com
<mailto:uuf6429 () gmail com>>

    Every bug is a feature. Some are less obvious than others.

    ;-)

    Oh, and for what it's worth, I get asked for the root password on
    my machine (vanilla ubuntu).





    2011/1/18 Laurelai Storm <laurelai () oneechan org
    <mailto:laurelai () oneechan org>>

        It prompts for a password on my machine, perhaps you should
        check your sudoers config.

        Also, its not a bug its a feature :p

        2011/1/18 我是王子 <tradeprince () qq com
        <mailto:tradeprince () qq com>>

            hello,
            I found a bug,
            run [sudo strace su] command can get root privileges
            without any password.
            bill
            ------------------ Original ------------------
            *From: * "Steve Beattie"<sbeattie () ubuntu com
            <mailto:sbeattie () ubuntu com>>;
            *Date: * Thu, Jan 13, 2011 08:01 PM
            *To: *
            "ubuntu-security-announce"<ubuntu-security-announce () lists ubuntu com
            <mailto:ubuntu-security-announce () lists ubuntu com>>;
            *Cc: * "full-disclosure"<full-disclosure () lists grok org uk
            <mailto:full-disclosure () lists grok org uk>>;
            "bugtraq"<bugtraq () securityfocus com
            <mailto:bugtraq () securityfocus com>>;
            *Subject: * [USN-1042-2] PHP5 regression
            -- 
            ubuntu-security-announce mailing list
            ubuntu-security-announce () lists ubuntu com
            <mailto:ubuntu-security-announce () lists ubuntu com>
            Modify settings or unsubscribe at:
            https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce


            _______________________________________________
            Full-Disclosure - We believe in it.
            Charter: http://lists.grok.org.uk/full-disclosure-charter.html
            Hosted and sponsored by Secunia - http://secunia.com/



        _______________________________________________
        Full-Disclosure - We believe in it.
        Charter: http://lists.grok.org.uk/full-disclosure-charter.html
        Hosted and sponsored by Secunia - http://secunia.com/



------------------------------------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]