Potential Hack in sudo?
blr at robertsr.us
blr at robertsr.us
Sun Apr 15 00:22:35 MDT 2007
> You know I didn't put that much thought into it, but I think I guess
> it counts as a semi-vulnerability for any OS that has a sudo'rs group.
> It's also not ubuntu, it's just an old gentoo box, I dragged out of the
> garage.
> AFAIK ubuntu has no root account, so the "hack" would be essentially
> pointless.
Last time I used it, it had a root user, but login was disabled.
>
> This isn't really supposed to be a vulnerability report, I'm just
> posting a quick FYI on how I just rooted my own box, in case anyone
> else ever runs into a similar need :)
>
> Anyways try it on your own box and see if it works.
>
I believe any distro that has sudo and a user in the sudoers file with ALL
access, you can just:
sudo su -
or even:
sudo -s
and then you're logged in as root and you can run passwd, etc.
And I think it's pretty common on distro's like Ubuntu and Knoppix where
you can't login as root to do that to get a root shell.
More information about the PLUG
mailing list