| Subject: | Re: [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3 |
|---|---|
| Date: | Wed, 01 Jun 2005 00:35:12 +0800 |

On Tue, 2005-05-31 at 13:02 +0700, Xnuxer Security wrote:

> Today, 31 May 2005, I found an error with root privilege escalation in Sudo version 1.6.8p7, the package installed with SuSE 9.3. Testing on my machine, sudo appears not to check is true when I press CTRL + C with a blank password, giving status SID as root privilege to the SID user. I got successful as root without needing a password, using only a blank password and pressing CTRL + C. Please check my testing below on my SuSE 9.3 box:
>
> Other sudo versions are not checked yet, and the effect on other Linux distros is not checked either, but they are possibly vulnerable; please check. SuSE Security still contacted by me.

Gentoo. Version of sudo is 1.6.7p5. Not affected.

--
Ow Mun Heng
Gentoo/Linux on DELL D600 1.4Ghz 1.5GB RAM
98% Microsoft(tm) Free!!
Neuromancer 00:35:11 up 1 day, 2:36, 6 users, load average: 0.29, 0.68, 0.66