Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue, stating "Sudo catches SIGINT and returns an empty string for the password so I don't see how this could happen unless the user's actual password was empty.
References
Configurations
History
20 Nov 2024, 23:58
Type | Values Removed | Values Added |
---|---|---|
References | () http://archives.neohapsis.com/archives/bugtraq/2005-05/0349.html - | |
References | () http://archives.neohapsis.com/archives/bugtraq/2005-05/0359.html - | |
References | () http://marc.info/?l=bugtraq&m=111755694008928&w=2 - | |
References | () http://www.osvdb.org/20417 - |
07 Nov 2023, 01:57
Type | Values Removed | Values Added |
---|---|---|
Summary | Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue, stating "Sudo catches SIGINT and returns an empty string for the password so I don't see how this could happen unless the user's actual password was empty. |
Information
Published : 2005-05-31 04:00
Updated : 2024-11-20 23:58
NVD link : CVE-2005-1831
Mitre link : CVE-2005-1831
CVE.ORG link : CVE-2005-1831
JSON object : View
Products Affected
todd_miller
- sudo
CWE