lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 01 Jun 2005 00:35:12 +0800
From: Ow Mun Heng <Ow.Mun.Heng@....com>
To: Xnuxer Security <xnusec@...il.com>
Cc: made@...ula.rvs.uni-bielefeld.de, security@...e.de,
	bugtraq@...urityfocus.com
Subject: Re: [XNUXER-SECURITY] Root Privilige Escalation in Sudo version
	1.6.8p7 without Password, SuSE 9.3


On Tue, 2005-05-31 at 13:02 +0700, Xnuxer Security wrote:
> Today, 31 May 2005, I found error with root privilige escalation in
> Sudo version 1.6.8p7 that package installed with SuSE 9.3. Testing in
> my machine, sudo appear not check is true when I press CTRL + C with
> blank password and giving status SID as root privilige to SID user. I
> got successful as root without need a password but only use blank
> password and press CTRL + C. Please check my testing below in my SuSE
> 9.3 box:

> Other sudo version is not check yet, about affect in other distro of
> linux not check too but possible vulnerable, please check it. SuSE
> Security still contacted by me.


Gentoo. version of sudo is 1.6.7p5.
Not affected


-- 
Ow Mun Heng
Gentoo/Linux on DELL D600 1.4Ghz 1.5GB RAM
98% Microsoft(tm) Free!! 
Neuromancer 00:35:11 up 1 day, 2:36, 6 users, load average: 0.29, 0.68,
0.66 




Powered by blists - more mailing lists