From:    Seemant Kulleen <seemant@gentoo.org>
To:      gentoo-security@gentoo.org, gentoo-announce@gentoo.org, lwn@lwn.net
Subject: Buffer overflow in sudo
Date:    Thu, 25 Apr 2002 19:51:16 -0700

-----------------------------------------------------------------------
GLSA: GENTOO LINUX SECURITY ANNOUNCEMENT
-----------------------------------------------------------------------

PACKAGE : sudo
SUMMARY : security vulnerability in sudo
DATE    : Apr 26 02:47:22 UTC 2002

-----------------------------------------------------------------------

OVERVIEW

A security vulnerability has been found that might allow a local
attacker to gain elevated privileges. This affects Gentoo's
sudo-1.6.5_p2 and prior packages.

DETAIL

This update fixes a security vulnerability that could allow local
attackers to gain elevated privileges through a buffer overflow exploit,
related to the expansion of %h and %u in the prompt. Full details are
available at
http://www.sudo.ws/pipermail/sudo-announce/2002-April/000020.html

SOLUTION

It is recommended that all Gentoo Linux users who are running sudo
update their systems as follows.

    emerge --clean rsync
    emerge sudo
    emerge clean

-----------------------------------------------------------------------
bangert@gentoo.org
seemant@gentoo.org
drobbins@gentoo.org
-----------------------------------------------------------------------
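
Added example, not part of the original advisory and not sudo's code: one way to expand %u and %h into a fixed-size prompt buffer with every write bounds-checked, failing closed when the result does not fit. The names expand_prompt_checked and put, the handling of "%%" as a literal percent sign, and the sample user and host values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Append n bytes at *pos, always leaving room for the terminating NUL. */
static int put(char *out, size_t outsz, size_t *pos, const char *src, size_t n)
{
    if (n >= outsz - *pos)          /* invariant: *pos < outsz */
        return -1;
    memcpy(out + *pos, src, n);
    *pos += n;
    return 0;
}

/*
 * Expand %u (user) and %h (host) from tmpl into out[outsz].
 * Assumed for this example: "%%" gives a literal '%'; any other "%x" and a
 * trailing '%' are copied unchanged.
 * Returns the expanded length, or -1 (with out set to "") if it does not fit.
 */
long expand_prompt_checked(const char *tmpl, const char *user,
                           const char *host, char *out, size_t outsz)
{
    size_t pos = 0;

    if (!tmpl || !user || !host || !out || outsz == 0)
        return -1;
    for (const char *p = tmpl; *p != '\0'; p++) {
        const char *src = p;        /* default: copy this one byte */
        size_t n = 1;

        if (p[0] == '%' && p[1] == 'u') { src = user; n = strlen(user); p++; }
        else if (p[0] == '%' && p[1] == 'h') { src = host; n = strlen(host); p++; }
        else if (p[0] == '%' && p[1] == '%') { src = ++p; }
        if (put(out, outsz, &pos, src, n) != 0) {
            out[0] = '\0';          /* fail closed: no truncated prompt */
            return -1;
        }
    }
    out[pos] = '\0';
    return (long)pos;
}

int main(void)
{
    char buf[32];                   /* constructed sample values below */
    long n = expand_prompt_checked("[%u@%h] Password: ", "alice", "build01", buf, sizeof buf);
    printf("%ld \"%s\"\n", n, buf);
    return n < 0;
}
```

The length of each substituted value is measured at the moment it is copied, so the space check and the write cannot disagree about how long the expanded prompt is.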