lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 31 May 2005 10:52:18 +0200
From: Marcus Meissner <meissner@...e.de>
To: Xnuxer Security <xnusec@...il.com>
Cc: bugtraq@...urityfocus.com, made@...ula.rvs.uni-bielefeld.de,
	security@...e.de
Subject: Re: [security@...e.de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3

On Tue, May 31, 2005 at 01:02:22PM +0700, Xnuxer Security wrote:
> Today, 31 May 2005, I found error with root privilige escalation in
> Sudo version 1.6.8p7 that package installed with SuSE 9.3. Testing in
> my machine, sudo appear not check is true when I press CTRL + C with
> blank password and giving status SID as root privilige to SID user. I
> got successful as root without need a password but only use blank
> password and press CTRL + C. Please check my testing below in my SuSE
> 9.3 box:
> 
> client@...use:~> cat /etc/issue
> 
> Welcome to SuSE Linux 9.3 (i586) - Kernel \r (\l).
> 
> 
> client@...use:~> id
> uid=1000(client) gid=100(users) groups=16(dialout),33(video),100(users)
> client@...use:~> uname -a
> Linux mysuse 2.6.11.4-20a-default #1 Wed Mar 23 21:52:37 UTC 2005 i686
> i686 i386 GNU/Linux
> client@...use:~> sudo -V
> Sudo version 1.6.8p7
> client@...use:~> sudo su
> Password:                         <---- fake password and press ENTER
> Sorry, try again.
> Password:                          <---- blank password and press CTRL + C
> mysuse:/home/client #
> mysuse:/home/client # uname -a; id; uptime
> Linux mysuse 2.6.11.4-20a-default #1 Wed Mar 23 21:52:37 UTC 2005 i686
> i686 i386 GNU/Linux
> uid=0(root) gid=0(root) groups=0(root)
>  12:29pm  up   2:45,  3 users,  load average: 0.14, 0.29, 0.45
> mysuse:/home/client # 
> 
> Other sudo version is not check yet, about affect in other distro of
> linux not check too but possible vulnerable, please check it. SuSE
> Security still contacted by me.

I cannot reproduce this in the default installation of sudo in SUSE Linux 
9.3.

Did you adapt the sudo config file in some way?

What exactly do you mean with "blank password" ? Empty? Or a number
of spaces?

Ciao, Marcus

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists