Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-announce
Navigation:
Lists: gentoo-announce: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o, gentoo-announce@g.o, lwn@...
From: Seemant Kulleen <seemant@g.o>
Subject: Buffer overflow in sudo
Date: Thu, 25 Apr 2002 19:51:16 -0700
- -----------------------------------------------------------------------
GLSA: GENTOO LINUX SECURITY ANNOUNCEMENT
- -----------------------------------------------------------------------
PACKAGE         : sudo
SUMMARY         : security vulnerability in sudo
DATE            : Apr 26 02:47:22 UTC 2002
- -----------------------------------------------------------------------

OVERVIEW

A security vulnerability has been found that might allow a local attacker
to gain elevated priveleges.  This affects Gentoo's and sudo-1.6.5_p2
prior packages.


DETAIL

Fix for a security vulnerability that could allow local attackers to gain
elevated privileges though a buffer overflow exploit, related to the
expansion of %h and %u in the prompt.  Full details available at
http://www.sudo.ws/pipermail/sudo-announce/2002-April/000020.html


SOLUTION

It is recommended that all Gentoo Linux users who are running sudo update
their systems as follows.

emerge --clean rsync
emerge sudo
emerge clean

- ------------------------------------------------------------------------
bangert@g.o
seemant@g.o
drobbins@g.o
- ------------------------------------------------------------------------


Navigation:
Lists: gentoo-announce: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Gentoo.org Maintenance this weekend
Next by thread:
Security vulnerability in icecast
Previous by date:
Gentoo.org Maintenance this weekend
Next by date:
Security vulnerability in icecast


Updated Jun 17, 2009

Summary: Archive of the gentoo-announce mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.