Package name
sudo
Date
2002-04-25
Advisory ID
MDKSA-2002:028
Affected versions
8.1 i586, SNF7.2 i586, CS1.0 i586, 8.1 i586, 8.0 i586, 8.2 i586, 8.0 i586, 8.2 i586, 7.1 i586, 7.2 i586

Problem description

A problem was discovered by fc, with further research by Global InterSec, in the way the sudo program handles the password prompt parameter (-p). Sudo can be tricked into allocating less memory than it should for the prompt, and under certain conditions this flaw can be exploited to corrupt the heap in a way that allows arbitrary commands to be executed. Because sudo is generally suid root, this can lead to an elevation of privilege for local users.
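One defensive pattern against this kind of under-allocation, shown as an added C example that is neither sudo's code nor part of the advisory: a single routine both measures and writes the expanded prompt, and every write is checked against the allocation. The names `walk_prompt` and `expand_prompt_checked` and the sample values are hypothetical; `%u`, `%h` and `%%` are sudo's documented prompt escapes, and the advisory does not say which of them are involved in the flaw.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper. One walker serves BOTH passes: with out == NULL it
 * only measures, otherwise it writes at most cap bytes. Sizing and copying
 * share one code path, so they cannot disagree about how escapes expand. */
static size_t walk_prompt(const char *fmt, const char *user, const char *host,
                          char *out, size_t cap)
{
    size_t n = 0;
    for (const char *p = fmt; *p != '\0'; p++) {
        const char *piece = p;      /* default: copy one literal byte */
        size_t len = 1;
        if (p[0] == '%' && p[1] == 'u') { piece = user; len = strlen(user); p++; }
        else if (p[0] == '%' && p[1] == 'h') { piece = host; len = strlen(host); p++; }
        else if (p[0] == '%' && p[1] == '%') { p++; }   /* "%%" -> one '%' */
        if (out != NULL) {
            if (len > cap - n) return (size_t)-1;   /* would pass the end */
            memcpy(out + n, piece, len);
        }
        n += len;
    }
    return n;
}

/* Returns a malloc'd expanded prompt, or NULL if allocation fails or the
 * write pass does not produce exactly the measured size. Caller frees. */
char *expand_prompt_checked(const char *fmt, const char *user, const char *host)
{
    size_t need = walk_prompt(fmt, user, host, NULL, 0);
    char *buf = malloc(need + 1);
    if (buf == NULL || walk_prompt(fmt, user, host, buf, need) != need) {
        free(buf);
        return NULL;
    }
    buf[need] = '\0';
    return buf;
}

int main(void)
{
    /* Constructed sample values, not taken from the advisory. */
    char *s = expand_prompt_checked("%u@%h 100%% [%%h] password: ", "alice", "build01");
    if (s == NULL) return 1;
    puts(s);
    free(s);
    return 0;
}
```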

Updated packages

8.1 i586

 80e0441fe8ebdd804adbe0fb3127c950  ia64/8.1/RPMS/sudo-1.6.4-3.1mdk.ia64.rpm
552ef456ff9fd4028bd8371b808adae6  ia64/8.1/SRPMS/sudo-1.6.4-3.1mdk.src.rpm

SNF7.2 i586

 53cd161682fc5ec047bbab190037e7cb  snf7.2/RPMS/sudo-1.6.4-3.1mdk.i586.rpm
552ef456ff9fd4028bd8371b808adae6  snf7.2/SRPMS/sudo-1.6.4-3.1mdk.src.rpm

CS1.0 i586

 2214bb7c879f0c34425d379795a447ee  1.0.1/RPMS/sudo-1.6.4-3.1mdk.i586.rpm
552ef456ff9fd4028bd8371b808adae6  1.0.1/SRPMS/sudo-1.6.4-3.1mdk.src.rpm

8.1 i586

 d6cccdaaca2a338bcd75290bef1c3440  8.1/RPMS/sudo-1.6.4-3.1mdk.i586.rpm
552ef456ff9fd4028bd8371b808adae6  8.1/SRPMS/sudo-1.6.4-3.1mdk.src.rpm

8.0 i586

 a35538cd7efe7c9a34a6dc81b767e3ea  8.0/RPMS/sudo-1.6.4-3.1mdk.i586.rpm
552ef456ff9fd4028bd8371b808adae6  8.0/SRPMS/sudo-1.6.4-3.1mdk.src.rpm

8.2 i586

 752d02e218508c12a3d4500e3c8fe842  8.2/RPMS/sudo-1.6.4-3.1mdk.i586.rpm
552ef456ff9fd4028bd8371b808adae6  8.2/SRPMS/sudo-1.6.4-3.1mdk.src.rpm

8.0 i586

 867b935b9e39afaca5535c25673f2860  ppc/8.0/RPMS/sudo-1.6.4-3.1mdk.ppc.rpm
552ef456ff9fd4028bd8371b808adae6  ppc/8.0/SRPMS/sudo-1.6.4-3.1mdk.src.rpm

8.2 i586

 fa9ee180fdf44ed92f9c27ee96096471  ppc/8.2/RPMS/sudo-1.6.4-3.1mdk.ppc.rpm
552ef456ff9fd4028bd8371b808adae6  ppc/8.2/SRPMS/sudo-1.6.4-3.1mdk.src.rpm

7.1 i586

 2214bb7c879f0c34425d379795a447ee  7.1/RPMS/sudo-1.6.4-3.1mdk.i586.rpm
552ef456ff9fd4028bd8371b808adae6  7.1/SRPMS/sudo-1.6.4-3.1mdk.src.rpm

7.2 i586

 53cd161682fc5ec047bbab190037e7cb  7.2/RPMS/sudo-1.6.4-3.1mdk.i586.rpm
552ef456ff9fd4028bd8371b808adae6  7.2/SRPMS/sudo-1.6.4-3.1mdk.src.rpm

References