[lugm.org] sudo vulnerability

Loganaden Velvindron gnukid1 at yahoo.co.uk
Thu Feb 2 15:03:55 UTC 2012


It requires a tool like ln. ln calls stat(4), which does not require the r bit.
The x bit seems to be enough.

________________________________
From: Ajay R Ramjatan <ajay.ramjatan at gmail.com>
To: Loganaden Velvindron <gnukid1 at yahoo.co.uk>; LUGM Discuss Mailing List <discuss at lugm.org>
Sent: Tuesday, 31 January 2012, 10:18
Subject: Re: [lugm.org] sudo vulnerability

Thanks for the patch. Does the attacker need only execute rights on
sudo or does he require read rights too for the exploit to work?

On Tue, Jan 31, 2012 at 01:07, Loganaden Velvindron <gnukid1 at yahoo.co.uk> wrote:
> Hi,
>
>
> There's a format string vulnerability in sudo version 1.8.x.
>
> In case you can't upgrade to the latest sudo which patches this
> vulnerability among other things (1.8.3p2)
>
> CVE is not posting details for the moment:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-0809
>
> It can work even without having the user added to the sudoers list. If
> the user can execute sudo, that's enough to start playing around, and gain
> root.
>
> I wrote a patch based on the fix provided by millert.
> http://devio.us/~loganaden/sudo.c.patch. It works on older 1.8.x releases.
>
> Instructions:
> cp sudo.c sudo.c.orig
> patch < sudo.c.patch
>
> I'd advise updating to the latest version, which has other fixes as well.
>
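
A version check for the range given in this thread (sudo 1.8.x before 1.8.3p2), as an added example that is not part of the original messages. The function names and the sample banners are constructed, and it assumes the `Sudo version X` first line that `sudo -V` prints.

```sh
#!/bin/sh
# Classify a sudo version string against the range stated in the thread:
# 1.8.x releases before 1.8.3p2 are affected, 1.8.3p2 and later are fixed.
# Returns 0 = affected, 1 = not in that range, 2 = version not understood.
sudo_fmt_affected() {
    ver=$1
    # Split an optional patch level ("p2") off the dotted version.
    case $ver in
        *p*) base=${ver%%p*}; plevel=${ver#*p} ;;
        *)   base=$ver;       plevel=0 ;;
    esac
    # Accept only digits and single dots, plus a numeric patch level.
    case $base in ''|*[!0-9.]*|.*|*.|*..*) return 2 ;; esac
    case $plevel in ''|*[!0-9]*) return 2 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $base            # MAJOR MINOR MICRO
    IFS=$old_ifs
    major=$1; minor=${2:-0}; micro=${3:-0}
    if [ "$major" -ne 1 ] || [ "$minor" -ne 8 ]; then return 1; fi
    if [ "$micro" -lt 3 ]; then return 0; fi
    if [ "$micro" -eq 3 ] && [ "$plevel" -lt 2 ]; then return 0; fi
    return 1
}

# Report on one banner, i.e. the first line of `sudo -V` output.
sudo_fmt_report() {
    v=$(printf '%s\n' "$1" | sed -n '1s/^Sudo version //p')
    rc=0
    sudo_fmt_affected "$v" || rc=$?
    case $rc in
        0) echo "$v: affected, upgrade to 1.8.3p2 or later or apply the patch" ;;
        1) echo "$v: not in the affected range" ;;
        *) echo "${v:-?}: version not understood, check manually" ;;
    esac
}

# Constructed sample banners, not captured output.
for banner in "Sudo version 1.8.3p1" "Sudo version 1.8.3p2" \
              "Sudo version 1.7.4p6" "Sudo version 1.8.0rc1"; do
    sudo_fmt_report "$banner"
done
```

On a live host, pass it the real banner with `sudo_fmt_report "$(sudo -V 2>/dev/null | head -n 1)"`.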