[39046] in bugtraq
Re: [security@suse.de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3
daemon@ATHENA.MIT.EDU (Justin)
Tue May 31 16:59:16 2005
Message-ID: <d5476b350505311244729613ab@mail.gmail.com>
Date: Tue, 31 May 2005 15:44:45 -0400
From: Justin <justinvinn@gmail.com>
Reply-To: Justin <justinvinn@gmail.com>
To: Marcus Meissner <meissner@suse.de>
Cc: bugtraq@securityfocus.com
In-Reply-To: <20050531085218.GA10534@suse.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
I checked this on my RedHat Linux 9 box running sudo v 1.6.6. It
didn't effect it any...
On 5/31/05, Marcus Meissner <meissner@suse.de> wrote:
> On Tue, May 31, 2005 at 01:02:22PM +0700, Xnuxer Security wrote:
> > Today, 31 May 2005, I found error with root privilige escalation in
> > Sudo version 1.6.8p7 that package installed with SuSE 9.3. Testing in
> > my machine, sudo appear not check is true when I press CTRL + C with
> > blank password and giving status SID as root privilige to SID user. I
> > got successful as root without need a password but only use blank
> > password and press CTRL + C. Please check my testing below in my SuSE
> > 9.3 box:
> >
> > client@mysuse:~> cat /etc/issue
> >
> > Welcome to SuSE Linux 9.3 (i586) - Kernel \r (\l).
> >
> >
> > client@mysuse:~> id
> > uid=1000(client) gid=100(users) groups=16(dialout),33(video),100(users)
> > client@mysuse:~> uname -a
> > Linux mysuse 2.6.11.4-20a-default #1 Wed Mar 23 21:52:37 UTC 2005 i686
> > i686 i386 GNU/Linux
> > client@mysuse:~> sudo -V
> > Sudo version 1.6.8p7
> > client@mysuse:~> sudo su
> > Password: <---- fake password and press ENTER
> > Sorry, try again.
> > Password: <---- blank password and press CTRL + C
> > mysuse:/home/client #
> > mysuse:/home/client # uname -a; id; uptime
> > Linux mysuse 2.6.11.4-20a-default #1 Wed Mar 23 21:52:37 UTC 2005 i686
> > i686 i386 GNU/Linux
> > uid=0(root) gid=0(root) groups=0(root)
> > 12:29pm up 2:45, 3 users, load average: 0.14, 0.29, 0.45
> > mysuse:/home/client #
> >
> > Other sudo version is not check yet, about affect in other distro of
> > linux not check too but possible vulnerable, please check it. SuSE
> > Security still contacted by me.
>
> I cannot reproduce this in the default installation of sudo in SUSE Linux
> 9.3.
>
> Did you adapt the sudo config file in some way?
>
> What exactly do you mean with "blank password" ? Empty? Or a number
> of spaces?
>
> Ciao, Marcus
>
>
>
