MDKSA-2002:003

Package name

sudo

Date

2002-01-15

Advisory ID

MDKSA-2002:003

Affected versions

8.1 i586 , SNF7.2 i586 , CS1.0 i586 , 8.1 i586 , 8.0 i586 , 8.0 i586 , 7.1 i586 , 7.2 i586

Problem description

The SuSE Security Team discovered a vulnerability in sudo that can be exploited to obtain root privilege because sudo is installed setuid root. An attacker could trick sudo to log failed sudo calls executing the sendmail (or equivalent mailer) program with root privileges and an environment that is not completely clean. This problem has been fixed upstream by the author in sudo 1.6.4 and it is highly recommended that all users upgrade regardless of what mailer you are using.

Updated packages

8.1 i586

 f1003964d7e815bd0054db72dcefa289  ia64/8.1/RPMS/sudo-1.6.4-1.1mdk.ia64.rpm
8a585cf0aea36387a923800849f6dd65  ia64/8.1/SRPMS/sudo-1.6.4-1.1mdk.src.rpm

SNF7.2 i586

 5bf0a34d9a7b8a25e8492d16c2023ae4  snf7.2/RPMS/sudo-1.6.4-1.1mdk.i586.rpm
8a585cf0aea36387a923800849f6dd65  snf7.2/SRPMS/sudo-1.6.4-1.1mdk.src.rpm

CS1.0 i586

 18f6a3fcf02612b9793e4e5fa5837f57  1.0.1/RPMS/sudo-1.6.4-1.1mdk.i586.rpm
8a585cf0aea36387a923800849f6dd65  1.0.1/SRPMS/sudo-1.6.4-1.1mdk.src.rpm

8.1 i586

 62485ba0edd13e7a574e65adcc9ccd90  8.1/RPMS/sudo-1.6.4-1.1mdk.i586.rpm
8a585cf0aea36387a923800849f6dd65  8.1/SRPMS/sudo-1.6.4-1.1mdk.src.rpm

8.0 i586

 6485ad4e345eb0e4920f856d65808235  8.0/RPMS/sudo-1.6.4-1.1mdk.i586.rpm
8a585cf0aea36387a923800849f6dd65  8.0/SRPMS/sudo-1.6.4-1.1mdk.src.rpm

8.0 i586

 0a5621d56f98e4ee7f319df27bff056b  ppc/8.0/RPMS/sudo-1.6.4-1.1mdk.ppc.rpm
8a585cf0aea36387a923800849f6dd65  ppc/8.0/SRPMS/sudo-1.6.4-1.1mdk.src.rpm

7.1 i586

 18f6a3fcf02612b9793e4e5fa5837f57  7.1/RPMS/sudo-1.6.4-1.1mdk.i586.rpm
8a585cf0aea36387a923800849f6dd65  7.1/SRPMS/sudo-1.6.4-1.1mdk.src.rpm

7.2 i586

 5bf0a34d9a7b8a25e8492d16c2023ae4  7.2/RPMS/sudo-1.6.4-1.1mdk.i586.rpm
8a585cf0aea36387a923800849f6dd65  7.2/SRPMS/sudo-1.6.4-1.1mdk.src.rpm