The LD_PRELOAD is being followed due to the "ALL" command list. For sudoers
lines that do not have this, it is disallowed:
sudo: sorry, you are not allowed to set the following environment variables:
LD_PRELOAD
This is only an exploit for configurations using "setenv", which is very
dangerous (for this reason).
** Summary changed:
- Privilege Escalation Exploit with setenv (v. <= 1.6.9p18 )
+ Privilege Escalation Exploit with setenv or ALL (v. <= 1.6.9p18 )
** Changed in: sudo (Ubuntu)
Status: New => Invalid
--
Privilege Escalation Exploit with setenv or ALL (v. <= 1.6.9p18 )
https://bugs.launchpad.net/bugs/349075
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
