Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2005-1831

Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue, stating "Sudo catches SIGINT and returns an empty string for the password so I don't see how this could happen unless the user's actual password was empty.

Published

2005-05-31T04:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 8.4 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	todd_miller	sudo	1.6.8p7	Yes

References

http://archives.neohapsis.com/archives/bugtraq/2005-05/0349.html ([email protected])
http://archives.neohapsis.com/archives/bugtraq/2005-05/0359.html ([email protected])
http://marc.info/?l=bugtraq&m=111755694008928&w=2 ([email protected])
http://www.osvdb.org/20417 ([email protected])
http://archives.neohapsis.com/archives/bugtraq/2005-05/0349.html (af854a3a-2127-422b-91ae-364da2661108)
http://archives.neohapsis.com/archives/bugtraq/2005-05/0359.html (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=111755694008928&w=2 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/20417 (af854a3a-2127-422b-91ae-364da2661108)