[39044] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: [security@suse.de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3

daemon@ATHENA.MIT.EDU (Todd C. Miller)
Tue May 31 16:49:57 2005

Message-Id: <200505311710.j4VHAHGc024253@xerxes.courtesan.com>
To: Marcus Meissner <meissner@suse.de>
Cc: Xnuxer Security <xnusec@gmail.com>, bugtraq@securityfocus.com,
        made@nakula.rvs.uni-bielefeld.de, security@suse.de
In-reply-to: Your message of "Tue, 31 May 2005 10:52:18 +0200."
             <20050531085218.GA10534@suse.de> 
Date: Tue, 31 May 2005 11:10:17 -0600
From: "Todd C. Miller" <Todd.Miller@courtesan.com>

In message <20050531085218.GA10534@suse.de>
	so spake Marcus Meissner (meissner):

> I cannot reproduce this in the default installation of sudo in SUSE Linux
> 9.3.

Sudo catches SIGINT and returns an empty string for the password
so I don't see how this could happen unless the user's actual
password was empty.  I suppose some kind of PAM misconfiguration
is also possible.

 - todd


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[39044] in bugtraq

Re: [security@suse.de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3

daemon@ATHENA.MIT.EDU (Todd C. Miller)Tue May 31 16:49:57 2005

daemon@ATHENA.MIT.EDU (Todd C. Miller)
Tue May 31 16:49:57 2005