
Dani Firman Syah

Researcher from Xnuxer Security of Indonesia
#30961 of 53,633
8.4 Total CVSS
Vulnerabilities · 1
PT-2005-2798
8.4
2005-05-31
Todd Miller · Sudo · CVE-2005-1831
**Name of the Vulnerable Software and Affected Versions**

Sudo version 1.6.8p7

**Description**

The issue allows local users to potentially gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. However, it has been noted that Sudo catches SIGINT and returns an empty string for the password, suggesting that the issue may only occur if the user's actual password was empty. SuSE and multiple third-party researchers have not been able to replicate this issue.

**Recommendations**

For Sudo version 1.6.8p7, consider updating to a newer version that addresses this potential issue, although no specific fix has been confirmed due to the inability to replicate the problem. As a precaution, ensure that all user passwords are properly set and not empty to minimize potential risks.