[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Todd Miller Sudo local root exploit discovered by Slouching

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Todd Miller Sudo local root exploit discovered by Slouching
From: Steve Shockley <steve.shockley@xxxxxxxxxxxx>
Date: Thu, 04 Mar 2010 19:32:28 -0500

On 3/4/2010 11:11 AM, noone@xxxxxxxxxxx wrote:

Its not a sudo local root exploit, its an exploit in a misconfigured sudo file.


If it's a misconfiguration, then why'd they release a patch?

From http://www.sudo.ws/sudo/stable.html:

Major changes between version 1.7.2p3 and 1.7.2p4:

* Fix a bug that could allow users with permission to run sudoeditto run arbitrary commands.

References:
- Re: Re: Todd Miller Sudo local root exploit discovered by Slouching
  - From: noone

Prev by Date: Juniper SA Series Cross Site Scripting Issue
Next by Date: iDefense Security Advisory 03.04.10: Autonomy KeyView OLE Document Integer Overflow Vulnerability
Previous by thread: Re: Re: Todd Miller Sudo local root exploit discovered by Slouching
Next by thread: iDefense Security Advisory 03.02.10: IBM Lotus Domino Web Access ActiveX Stack Buffer Overflow Vulnerability
Index(es):
- Date
- Thread