Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Note: You can take 10% off all Slashdot Deals with coupon code "slashdot10off." ×
Unix

Submission + - Sudo Authentication bypass Vulnerability Emerges->

hypnosec writes: A new vulnerability has been discovered in sudo whereby protection offered by the utility can be bypassed to execute commands which are otherwise only executable through sudo along with the correct password. If a few prerequisites are met; the sudo timestamp is reset using sudo -k; and system time clock is set to epoch the user can execute commands without having to enter password again. The Sudo versions that are affected by this vulnerability are 1.6.0 through to 1.7.10p6; 1.8.0 through to 1.8.6p6. Versions where the vulnerability is fixed have already been made available – 1.7.10p7 and 1.8.6p7.
Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Sudo Authentication bypass Vulnerability Emerges

Comments Filter:

"Ignorance is the soil in which belief in miracles grows." -- Robert G. Ingersoll

Working...