Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  nodelist  faq  login

Paranoia is simply an optimistic outlook on life.


rocksolid / Security / Privilege escalation in sudo

SubjectAuthor
o Privilege escalation in sudoAnonymous

1
Subject: Privilege escalation in sudo
From: Anonymous
Newsgroups: rocksolid.shared.security
Organization: def5
Date: Wed, 27 Jan 2021 16:14 UTC
Path: i2pn2.org!rocksolid2!def5!.POSTED.bogusentry!not-for-mail
From: pos...@anon.com (Anonymous)
Newsgroups: rocksolid.shared.security
Subject: Privilege escalation in sudo
Date: Wed, 27 Jan 2021 08:14:35 -0800
Organization: def5
Message-ID: <opsec.772.3odeoq@anon.com>
Content-Type: text/plain; charset=UTF-8
Injection-Info: def5.org; posting-host="bogusentry:192.168.1.189";
logging-data="32569"; mail-complaints-to="usenet@def5.org"
View all headers
"A serious heap-based buffer overflow has been discovered in sudo that is exploitable by any local user. It has been given the name Baron Samedit by its discoverer. The bug can be leveraged to elevate privileges to root, even if the user is not listed in the sudoers file. User authentication is not required to exploit the bug. "

https://www.sudo.ws/alerts/unescape_overflow.html

Happy hacking.

--
Posted on def2


1
rocksolid light 0.7.2
clearneti2ptor