Todd Miller Sudo Kerberos Authentication Local Authentication Bypass Weakness

Todd Miller Sudo Kerberos Authentication Local Authentication Bypass Weakness

The 'sudo' utility is prone to a local authentication-bypass weakness when used in conjunction with Kerberos. Attackers must first gain local, interactive access to a computer running 'sudo' configured to authenticate via Kerberos. They may do this by exploiting other latent vulnerabilities.

Successfully exploiting this issue allows local attackers to bypass sudo's authentication prompt, allowing them to perform actions that are granted to users via the 'sudoers' file.

This issue affects 'sudo' 1.6.8p12; other versions may also be affected.