CVE-2005-1831

Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue, stating "Sudo catches SIGINT and returns an empty string for the password so I don't see how this could happen unless the user's actual password was empty.

Published: May 31, 2005
Updated: Nov 8, 2023
CVE: CVE-2005-1831
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
todd_miller / sudo	1.6.8p7	1.6.8p7.x

http://archives.neohapsis.com/archives/bugtraq/2005-05/0349.html
http://archives.neohapsis.com/archives/bugtraq/2005-05/0359.html
http://marc.info/?l=bugtraq&m=111755694008928&w=2
http://www.osvdb.org/20417

Vulnerability Database

289,689

CVE-2005-1831