[原文]** DISPUTED ** Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue, stating "Sudo catches SIGINT and returns an empty string for the password so I don't see how this could happen unless the user's actual password was empty."
SuSE Linux sudo Blank Password Authentication Bypass
Local Access Required
Loss of Integrity
sudo on SuSE Linux has been reported to contain a flaw allowing local privilege escalation. Initial reports indicate that a local user can provide a blank (NULL) password to bypass authentication. Subsequent tests by various people (including the SuSE Linux team) have not been able to reproduce this with any configuration.
The vulnerability reported is incorrect. No solution required.