Bug 454398 - (CVE-2008-3067) CVE-2008-3067 sudo: does not flush stdin buffer on password timeout
CVE-2008-3067 sudo: does not flush stdin buffer on password timeout
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
: Security
Depends On:
  Show dependency treegraph
Reported: 2008-07-08 04:58 EDT by Tomas Hoger
Modified: 2010-12-23 16:30 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2010-12-23 16:30:37 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Tomas Hoger 2008-07-08 04:58:44 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-3067 to the following vulnerability:

sudo in SUSE openSUSE 10.3 does not clear the stdin buffer when password entry times out, which might allow local users to obtain a password by reading stdin from the parent process after a sudo child process exits.

Comment 1 Tomas Hoger 2008-07-08 05:00:46 EDT
According to upstream (Todd C. Miller), the issue was introduced in in version
1.6.9 when the TCSAFLUSH was changed to TCSADRAIN.  Issue was fixed upstream in
Comment 2 Tomas Hoger 2008-07-08 05:20:51 EDT
Steps to reproduce:

$ sudo some_cmd

On password prompt, type your password, but not enter.  Wait for passwd_timeout
(5min by default).  After sudo times-out, entered password appears on the shell
command line.

Confirmed on Fedora 8, which is the only affected version.  Fedora 9 and later
is based on fixed upstream version.

This issue did not affect the versions of sudo as shipped with Red Hat
Enterprise Linux 2.1, 3, 4, or 5, as they are based on old, unaffected version.

Note You need to log in before you can comment on or make changes to this bug.