Re: [security@xxxxxxx] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Marcus Meissner <meissner@xxxxxxx>
Subject: Re: [security@suse.de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3
From: "Todd C. Miller" <Todd.Miller@xxxxxxxxxxxxx>
Date: Tue, 31 May 2005 11:10:17 -0600
Cc: Xnuxer Security <xnusec@xxxxxxxxx>, bugtraq@xxxxxxxxxxxxxxxxx, made@xxxxxxxxxxxxxxxxxxxxxxxxxxx, security@xxxxxxx
In-reply-to: Your message of "Tue, 31 May 2005 10:52:18 +0200." <20050531085218.GA10534@suse.de>
References: <e9ec72305053023023b376fd8@mail.gmail.com> <20050531085218.GA10534@suse.de>

In message <20050531085218.GA10534@xxxxxxx>
	so spake Marcus Meissner (meissner):

> I cannot reproduce this in the default installation of sudo in SUSE Linux
> 9.3.

Sudo catches SIGINT and returns an empty string for the password
so I don't see how this could happen unless the user's actual
password was empty.  I suppose some kind of PAM misconfiguration
is also possible.

 - todd

References:
- [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3
  - From: Xnuxer Security
- Re: [security@xxxxxxx] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3
  - From: Marcus Meissner

Prev by Date: multiple vulnerability Calendarix Advanced
Next by Date: Multiple vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4
Previous by thread: Re: [security@xxxxxxx] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3
Next by thread: Re: [security@xxxxxxx] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3
Index(es):
- Date
- Thread

[Index of Archives] [Linux Security] [Netfilter] [PHP] [Yosemite News] [Linux Kernel]

Powered by Linux