Vulnerability: gain root powers without the sudo password

By | March 12, 2013
Most flavors of Linux affected.

If you don't know the sudo password, and want to run a script which needs sudo, run a "magic script" and wait for the real sudo user to log in and run sudo. Then the magic script uses this vulnerability to give you sudo rights.

/via +Sai

Reshared post from +Ryan Castellucci

One of my coworkers informed me this morning that I am credited on CVE-2013-1776.

More details: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839
PoC exploit: https://gist.github.com/ryancdotorg/5136278

Embedded Link

Todd Miller Sudo CVE-2013-1776 Local Security Bypass Vulnerability

5 thoughts on “Vulnerability: gain root powers without the sudo password”

  1. Abe Pectol

    > isn't very threatening

    yes, thankfully it's a rather thin/rare case.
    (I'm still getting used from the time when a vulnerability could possibly mean “remote code execution on any system” (like that Microsoft RPC exploit on LAN))

    Also, are keyloggers made impossible already? Since, as it seems to me, they pretty much supersede this exploit.

  2. Michael Safyan

    +Alex Chekholko, sure it is. Imagine you install a seemingly innocuous piece of software (e.g. an image editor). You would never expect this software to run as root. However, this vulnerability would allow this program to gain root access by waiting for you to run sudo on some other, unrelated command, and use it to escalate its own level of privilege. So, yeah, that is a pretty serious vulnerability.

  3. Alex Chekholko

    This isn't very threatening. You have to be the same user as the one who ran a sudo command in the last 5 mins, and it only allows you to do what's specified in the sudoers file.
