lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 31 May 2005 11:10:17 -0600 From: "Todd C. Miller" <Todd.Miller@...rtesan.com> To: Marcus Meissner <meissner@...e.de> Cc: Xnuxer Security <xnusec@...il.com>, bugtraq@...urityfocus.com, made@...ula.rvs.uni-bielefeld.de, security@...e.de Subject: Re: [security@...e.de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3 In message <20050531085218.GA10534@...e.de> so spake Marcus Meissner (meissner): > I cannot reproduce this in the default installation of sudo in SUSE Linux > 9.3. Sudo catches SIGINT and returns an empty string for the password so I don't see how this could happen unless the user's actual password was empty. I suppose some kind of PAM misconfiguration is also possible. - todd
Powered by blists - more mailing lists