Re: [security@xxxxxxx] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3

To: Marcus Meissner <meissner@xxxxxxx>
Subject: Re: [security@xxxxxxx] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3
From: Justin <justinvinn@xxxxxxxxx>
Date: Tue, 31 May 2005 15:44:45 -0400
Cc: bugtraq@xxxxxxxxxxxxxxxxx
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=YvfP2e1XyZ1+o+1L5DEofDsj+RQSIfE0/2BJbXpyJpfOqw+0nUJ5kRhJRaDFXvzFpusEvKGUXFnoFTEd1POkbyicP94fwhBbwVo5BeJDYyklP8pBq9g06sX+vyzjC3JMHcu9cI3kAKi+9dCuWjlqkRlHtk7fQqXTiQF4Ve3gHNU=
In-reply-to: <20050531085218.GA10534@xxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <e9ec72305053023023b376fd8@xxxxxxxxxxxxxx> <20050531085218.GA10534@xxxxxxx>
Reply-to: Justin <justinvinn@xxxxxxxxx>

I checked this on my RedHat Linux 9 box running sudo v 1.6.6. It
didn't effect it any...


On 5/31/05, Marcus Meissner <meissner@xxxxxxx> wrote:
> On Tue, May 31, 2005 at 01:02:22PM +0700, Xnuxer Security wrote:
> > Today, 31 May 2005, I found error with root privilige escalation in
> > Sudo version 1.6.8p7 that package installed with SuSE 9.3. Testing in
> > my machine, sudo appear not check is true when I press CTRL + C with
> > blank password and giving status SID as root privilige to SID user. I
> > got successful as root without need a password but only use blank
> > password and press CTRL + C. Please check my testing below in my SuSE
> > 9.3 box:
> >
> > client@mysuse:~> cat /etc/issue
> >
> > Welcome to SuSE Linux 9.3 (i586) - Kernel \r (\l).
> >
> >
> > client@mysuse:~> id
> > uid=1000(client) gid=100(users) groups=16(dialout),33(video),100(users)
> > client@mysuse:~> uname -a
> > Linux mysuse 2.6.11.4-20a-default #1 Wed Mar 23 21:52:37 UTC 2005 i686
> > i686 i386 GNU/Linux
> > client@mysuse:~> sudo -V
> > Sudo version 1.6.8p7
> > client@mysuse:~> sudo su
> > Password:                         <---- fake password and press ENTER
> > Sorry, try again.
> > Password:                          <---- blank password and press CTRL + C
> > mysuse:/home/client #
> > mysuse:/home/client # uname -a; id; uptime
> > Linux mysuse 2.6.11.4-20a-default #1 Wed Mar 23 21:52:37 UTC 2005 i686
> > i686 i386 GNU/Linux
> > uid=0(root) gid=0(root) groups=0(root)
> >  12:29pm  up   2:45,  3 users,  load average: 0.14, 0.29, 0.45
> > mysuse:/home/client #
> >
> > Other sudo version is not check yet, about affect in other distro of
> > linux not check too but possible vulnerable, please check it. SuSE
> > Security still contacted by me.
> 
> I cannot reproduce this in the default installation of sudo in SUSE Linux
> 9.3.
> 
> Did you adapt the sudo config file in some way?
> 
> What exactly do you mean with "blank password" ? Empty? Or a number
> of spaces?
> 
> Ciao, Marcus
> 
> 
>

References:
- [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3
  - From: Xnuxer Security
- Re: [security@xxxxxxx] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3
  - From: Marcus Meissner

Prev by Date: Re: [security@xxxxxxx] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3
Next by Date: Multiple vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4
Previous by thread: Re: [security@xxxxxxx] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3
Next by thread: Re: [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3
Index(es):
- Date
- Thread