[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <200706072005.l57K5g3g030634@tex.courtesan.com>
Date: Thu, 07 Jun 2007 16:05:42 -0400
From: "Todd C. Miller" <Todd.Miller@...rtesan.com>
To: "Mark Senior" <senatorfrog@...il.com>
Cc: "James Downs" <egon@...n.cc>,
"Thor Lancelot Simon" <tls@....tjls.com>, bugtraq@...urityfocus.com
Subject: Re: Sudo: local root compromise with krb5 enabled
In message <70f230c70706071255k7338dc5bn85bb1ac5fe6c2fc7@...l.gmail.com>
so spake "Mark Senior" (senatorfrog):
> In other words, in the SuSE default config, sudo is just an
> overcomplicated su - to sudo something as root, you need not your own
> password, but root's - except you don't have to be in wheel to use it.
>
> If sudo is configured as above, and uses kerberos, then all users
> might be able to exploit this.
This bug does not affect builds of sudo that use PAM or BSD
authentication for password verification so there is really no
impact on SuSE.
- todd
Powered by blists - more mailing lists