Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue, stating "Sudo catches SIGINT and returns an empty string for the password so I don't see how this could happen unless the user's actual password was empty.
References
Configurations
History
07 Nov 2023, 01:57
Type | Values Removed | Values Added |
---|---|---|
Summary | Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue, stating "Sudo catches SIGINT and returns an empty string for the password so I don't see how this could happen unless the user's actual password was empty. |
Information
Published : 2005-05-31 04:00
Updated : 2024-08-07 22:15
NVD link : CVE-2005-1831
Mitre link : CVE-2005-1831
CVE.ORG link : CVE-2005-1831
JSON object : View
Products Affected
todd_miller
- sudo
CWE