BugTraq
Sudo: local root compromise with krb5 enabled Jun 07 2007 01:57AM
Thor Lancelot Simon (tls rek tjls com) (2 replies)
Re: Sudo: local root compromise with krb5 enabled Jun 07 2007 05:13PM
James Downs (egon egon cc) (1 replies)
Re: Sudo: local root compromise with krb5 enabled Jun 07 2007 07:55PM
Mark Senior (senatorfrog gmail com) (1 replies)
Re: Sudo: local root compromise with krb5 enabled Jun 07 2007 08:05PM
Todd C. Miller (Todd Miller courtesan com)
In message <70f230c70706071255k7338dc5bn85bb1ac5fe6c2fc7 (at) mail.gmail (dot) com [email concealed]>
so spake "Mark Senior" (senatorfrog):

> In other words, in the SuSE default config, sudo is just an
> overcomplicated su - to sudo something as root, you need not your own
> password, but root's - except you don't have to be in wheel to use it.
>
> If sudo is configured as above, and uses kerberos, then all users
> might be able to exploit this.

This bug does not affect builds of sudo that use PAM or BSD
authentication for password verification so there is really no
impact on SuSE.

- todd

[ reply ]
Re: Sudo: local root compromise with krb5 enabled Jun 07 2007 03:19AM
Thor Lancelot Simon (tls rek tjls com) (1 replies)
MIT krb5: makes sudo authentication issue MUCH worse. Jun 07 2007 03:37AM
Thor Lancelot Simon (tls rek tjls com)


 

Privacy Statement
Copyright 2010, SecurityFocus