Security vulnerability in sudo allows privilege escalation

fskmh · 03-05-2013, 12:25 PM

Interesting vulnerability that allows a user listed in /etc/sudoers to bypass authentication by resetting the time stamp file with "sudo -k" or removing it with "sudo -K".

http://www.sudo.ws/sudo/alerts/epoch_ticket.html

Probably not as big a deal for Slackware as it could be for *buntu but perhaps this could be a convenient time for Pat to upgrade sudo anyway.

I've built 1.8.6p7 using the SlackBuild in current and sudo seems to function as it did before.

GazL · 03-05-2013, 01:03 PM

Anyone with any sense will have set "timestamp_timeout = 0" as the sudo password caching thing is inherently insecure anyway.
It's even worse for Ubuntu of course because of their idiotic misuse of sudo i.e "ALL = (ALL) ALL" rather than more specific targeting of allowed commands.

Besides, if unprivileged users can change your system time then IMO you have bigger problems.