lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <d5476b350505311244729613ab@mail.gmail.com>
Date: Tue, 31 May 2005 15:44:45 -0400
From: Justin <justinvinn@...il.com>
To: Marcus Meissner <meissner@...e.de>
Cc: bugtraq@...urityfocus.com
Subject: Re: [security@...e.de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3


I checked this on my RedHat Linux 9 box running sudo v 1.6.6. It
didn't effect it any...


On 5/31/05, Marcus Meissner <meissner@...e.de> wrote:
> On Tue, May 31, 2005 at 01:02:22PM +0700, Xnuxer Security wrote:
> > Today, 31 May 2005, I found error with root privilige escalation in
> > Sudo version 1.6.8p7 that package installed with SuSE 9.3. Testing in
> > my machine, sudo appear not check is true when I press CTRL + C with
> > blank password and giving status SID as root privilige to SID user. I
> > got successful as root without need a password but only use blank
> > password and press CTRL + C. Please check my testing below in my SuSE
> > 9.3 box:
> >
> > client@...use:~> cat /etc/issue
> >
> > Welcome to SuSE Linux 9.3 (i586) - Kernel \r (\l).
> >
> >
> > client@...use:~> id
> > uid=1000(client) gid=100(users) groups=16(dialout),33(video),100(users)
> > client@...use:~> uname -a
> > Linux mysuse 2.6.11.4-20a-default #1 Wed Mar 23 21:52:37 UTC 2005 i686
> > i686 i386 GNU/Linux
> > client@...use:~> sudo -V
> > Sudo version 1.6.8p7
> > client@...use:~> sudo su
> > Password:                         <---- fake password and press ENTER
> > Sorry, try again.
> > Password:                          <---- blank password and press CTRL + C
> > mysuse:/home/client #
> > mysuse:/home/client # uname -a; id; uptime
> > Linux mysuse 2.6.11.4-20a-default #1 Wed Mar 23 21:52:37 UTC 2005 i686
> > i686 i386 GNU/Linux
> > uid=0(root) gid=0(root) groups=0(root)
> >  12:29pm  up   2:45,  3 users,  load average: 0.14, 0.29, 0.45
> > mysuse:/home/client #
> >
> > Other sudo version is not check yet, about affect in other distro of
> > linux not check too but possible vulnerable, please check it. SuSE
> > Security still contacted by me.
> 
> I cannot reproduce this in the default installation of sudo in SUSE Linux
> 9.3.
> 
> Did you adapt the sudo config file in some way?
> 
> What exactly do you mean with "blank password" ? Empty? Or a number
> of spaces?
> 
> Ciao, Marcus
> 
> 
>


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ