Note: Due to technical difficulties, the Archives are currently not up to date.
GMANE provides an alternative service for most mailing lists. c.f. bug 424647
- -----------------------------------------------------------------------
GLSA: GENTOO LINUX SECURITY ANNOUNCEMENT
- -----------------------------------------------------------------------
PACKAGE : sudo
SUMMARY : security vulnerability in sudo
DATE : Apr 26 02:47:22 UTC 2002
- -----------------------------------------------------------------------
OVERVIEW
A security vulnerability has been found that might allow a local attacker
to gain elevated priveleges. This affects Gentoo's and sudo-1.6.5_p2
prior packages.
DETAIL
Fix for a security vulnerability that could allow local attackers to gain
elevated privileges though a buffer overflow exploit, related to the
expansion of %h and %u in the prompt. Full details available at
http://www.sudo.ws/pipermail/sudo-announce/2002-April/000020.html
SOLUTION
It is recommended that all Gentoo Linux users who are running sudo update
their systems as follows.
emerge --clean rsync
emerge sudo
emerge clean
- ------------------------------------------------------------------------
bangert@g.o
seemant@g.o
drobbins@g.o
- ------------------------------------------------------------------------
|
|
