
[linux-security] sudo buffer overflow



Topic
=====
local root exploit in sudo

Problem description
===================
A buffer overflow in sudo (versions < 1.6.3p6) can potentially be used to
gain root privileges on the local system.

Affected Systems
================
Systems that have sudo with versions < 1.6.3p6 installed.
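
The following check is an added example, not part of the original advisory: it compares a sudo version string against the fixed release 1.6.3p6 numerically, including the "pN" patch level, and treats the patched Debian package named in the Solution section as fixed. The function names and exit-status convention are assumptions made for this example.

```sh
#!/bin/sh
FIXED="1.6.3p6"                  # fixed release named in the advisory
DEBIAN_FIXED="1.6.2p2-1potato1"  # patched Debian 2.2 package named in the advisory

# Print "major minor micro patch" for a version such as 1.6.3p6 (no pN means patch 0).
split_version() {
    v=${1%%-*}                   # drop a package revision such as "-1"
    case $v in ''|*[!0-9.p]*|*p*p*) return 1 ;; esac
    base=${v%%p*}
    case $v in *p*) patch=${v#*p} ;; *) patch=0 ;; esac
    [ -n "$patch" ] || return 1
    case $patch in *[!0-9]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $base                 # split "1.6.3" on dots into $1 $2 $3
    IFS=$old_ifs
    [ $# -ge 1 ] && [ $# -le 3 ] || return 1
    for part in "$@"; do [ -n "$part" ] || return 1; done
    echo "${1} ${2:-0} ${3:-0} $patch"
}

# Exit status: 0 = affected (< 1.6.3p6), 1 = not affected, 2 = version not understood.
sudo_is_affected() {
    [ "$1" = "$DEBIAN_FIXED" ] && return 1
    have=$(split_version "$1") || return 2
    want=$(split_version "$FIXED") || return 2
    set -- $have $want           # $1..$4 = installed, $5..$8 = fixed
    for pair in "$1:$5" "$2:$6" "$3:$7" "$4:$8"; do
        a=${pair%%:*}; b=${pair#*:}
        [ "$a" -lt "$b" ] && return 0
        [ "$a" -gt "$b" ] && return 1
    done
    return 1                     # exactly the fixed release
}

# Version of the sudo binary on PATH, taken from the first line of `sudo -V`.
installed_sudo_version() {
    sudo -V 2>/dev/null | sed -n '1s/^Sudo version //p'
}
```

Run it as `sudo_is_affected "$(installed_sudo_version)"`. On Debian, pass the package version instead, since the upstream number alone cannot show that the fix was backported.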

Remark
======
Installing and using sudo is good security practice. If your Linux distribution
does not provide a sudo package, you can pick one up from sphinx.sfu.ca
in the directory /vol/vol1/distrib/redhat/contrib.

Solution
========
Upgrade to version 1.6.3p6

RedHat 6.x
----------
RedHat 6.x did not come with sudo. Use the sudo package from sphinx
(see remark above).

RedHat 7.0
----------
rpm -Uvh sudo-1.6.3p6-1.i386.rpm

Debian 2.2 (potato)
-------------------
Update to sudo_1.6.2p2-1potato1_i386.deb
(this is a patched 1.6.2p2 version that no longer contains the bug).

Mandrake 7.1
------------
rpm -Uvh sudo-1.6.3p6-1.3mdk.i586.rpm

Mandrake 7.2
------------
rpm -Uvh sudo-1.6.3p6-1.1mdk.i586.rpm