Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue, stating Sudo catches SIGINT and returns an empty string for the password so I dont see how this could happen unless the users actual password was empty.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Sudo | Todd_miller | 1.6.8p7 (including) | 1.6.8p7 (including) |
References
- http://archives.neohapsis.com/archives/bugtraq/2005-05/0349.html
- http://archives.neohapsis.com/archives/bugtraq/2005-05/0359.html
- http://marc.info/?l=bugtraq\u0026m=111755694008928\u0026w=2
- http://www.osvdb.org/20417
- http://archives.neohapsis.com/archives/bugtraq/2005-05/0349.html
- http://archives.neohapsis.com/archives/bugtraq/2005-05/0359.html
- http://marc.info/?l=bugtraq\u0026m=111755694008928\u0026w=2
- http://www.osvdb.org/20417