vendor:
Sudo
by:
Kingcope
7.2
CVSS
HIGH
Local Privilege Escalation
264
CWE
Product Name: Sudo
Affected Version From: 1.6.9p18
Affected Version To: 1.6.9p18
Patch Exists: YES
Related CWE: N/A
CPE: a:sudo:sudo
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: FreeBSD-7.0, RedHat Linux
2008
Sudo <= 1.6.9p18 local r00t exploit
This exploit allows a user to gain root privileges on a system running Sudo version 1.6.9p18 or earlier. The exploit requires a special configuration in the sudoers file, which allows environment variables to be preserved. The user must also know the password of the current user. The exploit is written in C and requires two files to be compiled and executed. The first file is a shared library which is loaded by sudo, and the second is a program which is executed by sudo. The shared library contains code which sets the user and group ID to 0, and then executes a shell script which creates a root shell.
Mitigation:
Upgrade to a version of Sudo which is not vulnerable to this exploit.