Red Hat Bugzilla – Bug 454398
CVE-2008-3067 sudo: does not flush stdin buffer on password timeout
Last modified: 2010-12-23 16:30:37 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-3067 to the following vulnerability:
sudo in SUSE openSUSE 10.3 does not clear the stdin buffer when password entry times out, which might allow local users to obtain a password by reading stdin from the parent process after a sudo child process exits.
According to upstream (Todd C. Miller), the issue was introduced in in version
1.6.9 when the TCSAFLUSH was changed to TCSADRAIN. Issue was fixed upstream in
Steps to reproduce:
$ sudo some_cmd
On password prompt, type your password, but not enter. Wait for passwd_timeout
(5min by default). After sudo times-out, entered password appears on the shell
Confirmed on Fedora 8, which is the only affected version. Fedora 9 and later
is based on fixed upstream version.
This issue did not affect the versions of sudo as shipped with Red Hat
Enterprise Linux 2.1, 3, 4, or 5, as they are based on old, unaffected version.