On Thu, Mar 26, 2009 at 10:12:09PM -0000, Claudio Moretti wrote:
> clau...@mycroft:~$ sudo -K
> clau...@mycroft:~$ sudo echo 1
> [sudo] password for claudio:
> 1
You entered your password here. Therefore the next command will be able to
use sudo without prompting:
> clau...@mycroft:~$ ./sudo.sh
> Sudo <= 1.6.9p18 local r00t exploit
> by Kingcope/2008/www.com-winner.com
> Please give me a program to run via sudo.
> Allowed programs:
> User claudio may run the following commands on this host:
> (ALL) ALL
> "
> And that's what I see as the real bug: I must not be able to use an
old sudo (one that was 'sudo -K'ed) to gain root access...
Sudo is designed to allow future sudo's to operate for a certain amount of
time. See "man sudoers":
timestamp_timeout
Number of minutes that can elapse before sudo will ask
for a passwd again. The default is 15. Set this to 0
to always prompt for a password. If set to a value
less than 0 the user’s timestamp will never expire.
This can be used to allow users to create or delete
their own timestamps via sudo -v and sudo -k respec‐
tively.
--
Privilege Escalation Exploit with setenv or ALL (v. <= 1.6.9p18 )
https://bugs.launchpad.net/bugs/349075
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
