Welcome to the most active Linux Forum on the web.
Go Back > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Slackware This Forum is for the discussion of Slackware Linux.


  Search this Thread
Old 03-05-2013, 01:25 PM   #1
Registered: Jun 2002
Location: South Africa
Distribution: Customised Slackware64-14.1 with multilib
Posts: 260

Rep: Reputation: 59
Security vulnerability in sudo allows privilege escalation

Interesting vulnerability that allows a user listed in /etc/sudoers to bypass authentication by resetting the time stamp file with "sudo -k" or removing it with "sudo -K".

Probably not as big a deal for Slackware as it could be for *buntu but perhaps this could be a convenient time for Pat to upgrade sudo anyway.

I've built 1.8.6p7 using the SlackBuild in current and sudo seems to function as it did before.
Old 03-05-2013, 02:03 PM   #2
Senior Member
Registered: May 2008
Posts: 3,810

Rep: Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230Reputation: 1230
Anyone with any sense will have set "timestamp_timeout = 0" as the sudo password caching thing is inherently insecure anyway.
It's even worse for Ubuntu of course because of their idiotic misuse of sudo i.e "ALL = (ALL) ALL" rather than more specific targeting of allowed commands.

Besides, if unprivileged users can change your system time then IMO you have bigger problems.
1 members found this post helpful.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Think I might have just hit a privilege escalation bug Cultist Linux - General 3 06-09-2011 07:33 AM
postfix local privilege escalation... trist007 Linux - Security 4 03-30-2011 03:55 PM
Privilege Escalation - Getting 'root' privilege Rahil Parikh Linux - Security 2 12-02-2010 02:04 AM
Intel CPU Privilege Escalation Exploit H_TeXMeX_H Linux - Security 4 04-22-2009 04:57 PM
Linux Privilege Escalation The.Hammer.911 Linux - Security 1 05-10-2007 07:07 PM

All times are GMT -5. The time now is 02:53 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration