[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [security@suse.de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3

To: Marcus Meissner <meissner@xxxxxxx>
Subject: Re: [security@suse.de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3
From: "Todd C. Miller" <Todd.Miller@xxxxxxxxxxxxx>
Date: Tue, 31 May 2005 11:10:17 -0600

In message <20050531085218.GA10534@xxxxxxx>
        so spake Marcus Meissner (meissner):

> I cannot reproduce this in the default installation of sudo in SUSE Linux
> 9.3.

Sudo catches SIGINT and returns an empty string for the password
so I don't see how this could happen unless the user's actual
password was empty.  I suppose some kind of PAM misconfiguration
is also possible.

 - todd

References:
- [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3
  - From: Xnuxer Security
- Re: [security@suse.de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3
  - From: Marcus Meissner

Prev by Date: 504T and now also 604T remote access.
Next by Date: Re: [security@suse.de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3
Previous by thread: Re: [security@suse.de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3
Next by thread: Re: [security@suse.de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3
Index(es):
- Date
- Thread