CVE-2005-1831

Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue, stating "Sudo catches SIGINT and returns an empty string for the password so I don't see how this could happen unless the user's actual password was empty.
Configurations

Configuration 1 (hide)

cpe:2.3:a:todd_miller:sudo:1.6.8p7:*:*:*:*:*:*:*

History

20 Nov 2024, 23:58

Type Values Removed Values Added
References () http://archives.neohapsis.com/archives/bugtraq/2005-05/0349.html - () http://archives.neohapsis.com/archives/bugtraq/2005-05/0349.html -
References () http://archives.neohapsis.com/archives/bugtraq/2005-05/0359.html - () http://archives.neohapsis.com/archives/bugtraq/2005-05/0359.html -
References () http://marc.info/?l=bugtraq&m=111755694008928&w=2 - () http://marc.info/?l=bugtraq&m=111755694008928&w=2 -
References () http://www.osvdb.org/20417 - () http://www.osvdb.org/20417 -

07 Nov 2023, 01:57

Type Values Removed Values Added
Summary ** DISPUTED ** Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue, stating "Sudo catches SIGINT and returns an empty string for the password so I don't see how this could happen unless the user's actual password was empty." Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue, stating "Sudo catches SIGINT and returns an empty string for the password so I don't see how this could happen unless the user's actual password was empty.

Information

Published : 2005-05-31 04:00

Updated : 2024-11-20 23:58


NVD link : CVE-2005-1831

Mitre link : CVE-2005-1831

CVE.ORG link : CVE-2005-1831


JSON object : View

Products Affected

todd_miller

  • sudo