[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Re: Todd Miller Sudo local root exploit discovered by Slouching

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Re: Todd Miller Sudo local root exploit discovered by Slouching
From: noone@xxxxxxxxxxx
Date: 4 Mar 2010 16:11:41 -0000

I believe what andy was alluding to was, why post on bugtraq with a subject 
Sudo local exploit discovered. Its not a sudo local root exploit, its an 
exploit in a misconfigured sudo file. You can post it as a new exploit 
technique for a misconfiguration, and i'm sure all the vuln and pen guys would 
be happy.

In my opinion, its a good technique to check for and i will use it in my 
arsenal of things to look for in terms of admin misconfigs but since its not in 
the default config on sudo, you'd have to e an idiot to not fully path out a 
commnd you are giving root access for... 

Anyway think about how you phrase things next time.

Follow-Ups:
- Re: Todd Miller Sudo local root exploit discovered by Slouching
  - From: Steve Shockley

Prev by Date: VMSA-2010-0004 ESX Service Console and vMA third party updates
Next by Date: Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass
Previous by thread: Re: Todd Miller Sudo local root exploit discovered by Slouching
Next by thread: Re: Todd Miller Sudo local root exploit discovered by Slouching
Index(es):
- Date
- Thread