LinuxQuestions.org
03-05-2013, 01:25 PM   #1
fskmh
Member
 
Registered: Jun 2002
Location: South Africa
Distribution: Slackware64-current multilib
Posts: 235

Rep: Reputation: 55
Security vulnerability in sudo allows privilege escalation


Interesting vulnerability that allows a user listed in /etc/sudoers to bypass authentication by resetting the time stamp file with "sudo -k" or removing it with "sudo -K".

http://www.sudo.ws/sudo/alerts/epoch_ticket.html

Probably not as big a deal for Slackware as it could be for *buntu but perhaps this could be a convenient time for Pat to upgrade sudo anyway.

I've built 1.8.6p7 using the SlackBuild in current and sudo seems to function as it did before.
 
03-05-2013, 02:03 PM   #2
GazL
Senior Member
 
Registered: May 2008
Posts: 3,481

Rep: Reputation: 1016
Anyone with any sense will have set "timestamp_timeout = 0" as the sudo password caching thing is inherently insecure anyway.
It's even worse for Ubuntu of course because of their idiotic misuse of sudo, i.e. "ALL = (ALL) ALL" rather than more specific targeting of allowed commands.

Besides, if unprivileged users can change your system time then IMO you have bigger problems.
 
1 members found this post helpful.
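
The two settings raised in the reply above, sudo credential caching (`timestamp_timeout`) and blanket `ALL = (ALL) ALL` grants, can be checked mechanically. The following is an added example, not part of the thread or of sudo itself; the function names and the sample policy are constructed for illustration, and the parser handles only a simplified subset of sudoers syntax.

```python
import re

# Constructed sample sudoers content (not taken from any real system).
SAMPLE = """\
Defaults env_reset, timestamp_timeout = 15
root   ALL = (ALL) ALL
%wheel ALL = (ALL) ALL
backup ALL = (root) NOPASSWD: /usr/bin/rsync, \\
                    /bin/tar
alice  ALL = (ALL:ALL) NOPASSWD: ALL  # constructed entry
"""

TIMEOUT_RE = re.compile(r"timestamp_timeout\s*=\s*(-?\d+(?:\.\d+)?)")
# who host = [(runas)] [TAG: ...] command-list
RULE_RE = re.compile(r"^(\S+)\s+[^=]+=\s*(?:\([^)]*\)\s*)?(?:\w+:\s*)*(.+)$")

def logical_lines(text):
    """Join backslash continuations; drop comments (no #include support)."""
    for line in re.sub(r"\\\n\s*", " ", text).splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def audit_sudoers(text):
    """Return (global timestamp_timeout or None, non-root principals granted ALL)."""
    timeout, broad = None, []
    for line in logical_lines(text):
        if line.startswith("Defaults"):
            m = TIMEOUT_RE.search(line)
            if m and re.match(r"Defaults\s", line):  # skip per-user/host Defaults
                timeout = float(m.group(1))
            continue
        m = RULE_RE.match(line)
        if m and m.group(1) != "root":
            if "ALL" in [c.strip() for c in m.group(2).split(",")]:
                broad.append(m.group(1))
    return timeout, broad

def findings(text):
    timeout, broad = audit_sudoers(text)
    out = [f"{who}: may run ALL commands" for who in broad]
    if timeout is None:
        out.insert(0, "timestamp_timeout unset: caching uses the build default")
    elif timeout != 0:
        out.insert(0, f"timestamp_timeout={timeout:g}: credential caching is on")
    return out

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE)))
```

This reports policy choices only; `visudo -c` remains the tool for validating sudoers syntax.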
All times are GMT -5. The time now is 06:15 AM.