[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: sudoedit local privilege escalation through PATH manipulation

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: sudoedit local privilege escalation through PATH manipulation
From: Agazzini Maurizio <inode@xxxxxxxxxxxxxxxx>
Date: Thu, 22 Apr 2010 10:04:09 +0200

On 20/04/2010 8.42, Ansgar Wiechers wrote:
> Perhaps I'm missing something, but how is this a security flaw? A user
> who is allowed to run "sudoedit" can edit /etc/sudoers, and thus allow
> himself to run any command anyway.
> 
> Regards
> Ansgar Wiechers

In the configuration file (sudoers) you can specify the file that the
user is allowed to edit (http://www.gratisoft.us/sudo/man/sudoers.html).
The bug allow you to bypass these controls and gain root privileges.

Best regards,

Maurizio

-- 
Maurizio Agazzini                     CISSP, OPST
Senior Security Advisor
Team Manager
@ Mediaservice.net Srl                Tel: +39-011-32.72.100
Via San Bernardino, 17                Fax: +39-011-32.46.497
10141 Torino - ITALY                  http://mediaservice.net/

References:
- sudoedit local privilege escalation through PATH manipulation
  - From: Agazzini Maurizio
- Re: sudoedit local privilege escalation through PATH manipulation
  - From: Ansgar Wiechers

Prev by Date: CfP: GameSec 2010 - Deadline is 3 weeks away!
Next by Date: [security bulletin] HPSBMA02492 SSRT100079 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access
Previous by thread: Re: sudoedit local privilege escalation through PATH manipulation
Next by thread: [ MDVSA-2010:076-1 ] openssl
Index(es):
- Date
- Thread