by shocks
4862 days ago
http://www.openwall.com/lists/oss-security/2013/02/27/22

When a user successfully authenticates with sudo, a time stamp file is updated to allow that user to continue running sudo without requiring a password for a preset time period (five minutes by default). The user's time stamp file can be reset using "sudo -k" or removed altogether via "sudo -K". A user who has sudo access and is able to control the local clock (common in desktop environments) can run a command via sudo without authenticating as long as they have previously authenticated themselves at least once by running "sudo -k" and then setting the clock to the epoch (1970-01-01 01:00:00). The vulnerability does not permit a user to run commands other than those allowed by the sudoers policy.
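An added example, not part of the post above and not sudo's source code: a simplified C model of the time stamp freshness check, showing why an age-only comparison accepts a reset stamp once the clock reads the epoch, next to a check that rejects a reset stamp outright. The function names and sample times are hypothetical, and the model assumes "sudo -k" resets the stamp by setting its time to the epoch (time_t 0).

```c
#include <stdbool.h>
#include <stdio.h>
#include <time.h>

#define TIMEOUT_SECS (5 * 60)   /* default grace period stated in the post */

/* Assumption of this model: "sudo -k" resets the stamp by setting its
 * time to the epoch, i.e. time_t 0. */
static time_t reset_stamp(void) { return (time_t)0; }

/* Flawed check: only compares the stamp's age against the timeout, so a
 * reset stamp looks "recent" whenever the clock itself reads the epoch. */
bool stamp_valid_flawed(time_t stamp, time_t now)
{
    return now >= stamp && (now - stamp) < TIMEOUT_SECS;
}

/* Hardened check: a stamp at the epoch means "reset", never "recent",
 * regardless of what the local clock says. */
bool stamp_valid_hardened(time_t stamp, time_t now)
{
    if (stamp == (time_t)0)
        return false;
    return now >= stamp && (now - stamp) < TIMEOUT_SECS;
}

int main(void)
{
    /* Constructed sample times, not taken from any real system. */
    const time_t auth = (time_t)1361900000;     /* moment of last password entry */
    const struct { const char *what; time_t stamp, now; } cases[] = {
        { "fresh stamp, honest clock",   auth,          auth + 60 },
        { "expired stamp, honest clock", auth,          auth + 600 },
        { "reset stamp, honest clock",   reset_stamp(), auth + 60 },
        { "reset stamp, clock at epoch", reset_stamp(), (time_t)30 },
    };

    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-30s flawed=%d hardened=%d\n", cases[i].what,
               stamp_valid_flawed(cases[i].stamp, cases[i].now),
               stamp_valid_hardened(cases[i].stamp, cases[i].now));
    return 0;
}
```

Only the last case differs between the two checks, which is why the condition depends on the user being able to control the local clock.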